redline | 91fde83c85a83a2ce242a1ebb819fd0eddc7291562d3cc756d64b6fd0a386b94 | Triage

Sharing

General

Target

file.exe
Size

330KB
Sample

221206-s5bqpsec21
MD5

cceeb294bd5e7b01e40f94616ae20df4
SHA1

6850d9bfbcc00b9cae98f197350905e3c2eca4e8
SHA256

91fde83c85a83a2ce242a1ebb819fd0eddc7291562d3cc756d64b6fd0a386b94
SHA512

121d63205c67b1bb7df41dc27169930a3f8acff7e16b1cdb39082e9d92c669348fc962b0b3d09e661c7e39f39c4a18a45db11918879f3e278d57d5774b0e4d10
SSDEEP

6144:PZY9aCa+KPVlA86o/29e3ohFFhmbcv3I+Q6rG5L/V:e9FKh6ou9wobm4v3I+Qn

Score

10^/10

redline logsdiller cloud (tg: @logsdillabot)infostealer

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

135.125.27.235:22883

Attributes

auth_value
3a050df92d0cf082b2cdaf87863616be

Targets

- Target
  
  file.exe
- Size
  
  330KB
- MD5
  
  cceeb294bd5e7b01e40f94616ae20df4
- SHA1
  
  6850d9bfbcc00b9cae98f197350905e3c2eca4e8
- SHA256
  
  91fde83c85a83a2ce242a1ebb819fd0eddc7291562d3cc756d64b6fd0a386b94
- SHA512
  
  121d63205c67b1bb7df41dc27169930a3f8acff7e16b1cdb39082e9d92c669348fc962b0b3d09e661c7e39f39c4a18a45db11918879f3e278d57d5774b0e4d10
- SSDEEP
  
  6144:PZY9aCa+KPVlA86o/29e3ohFFhmbcv3I+Q6rG5L/V:e9FKh6ou9wobm4v3I+Qn
Score

10^/10

redline logsdiller cloud (tg: @logsdillabot)infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Downloads MZ/PE file
- Executes dropped EXE
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

redlinelogsdiller cloud (tg: @logsdillabot)infostealer