General

  • Target

    file.exe

  • Size

    2.1MB

  • Sample

    230111-q1tdvaha6x

  • MD5

    20b59285f6427a8052410595ecd699d4

  • SHA1

    e11acaff7f7b25c8c04b011979f57e0c82df83bc

  • SHA256

    ed58b879ba33504b8994151c6bb34ce81d2b2f41645da9ffe4431375ed2328fd

  • SHA512

    04ae97a361ec16c3f87a961563dc0483d44eef31be937c791bf06f1a19717121615f27be556294482b5f69ddcc4ce37a9dbe05c978e93a4a89cd143251bf25a9

  • SSDEEP

    49152:V5OyUCmRByfzvY1gep8iIzjtv8QOIo1xH5KMvLuW:V54CCBcvY+ziIXtv8HIonZ7

Malware Config

Extracted

  • Family

    redline

  • Botnet

    LogsDiller Cloud (TG: @logsdillabot)

  • C2

    51.210.137.6:47909

  • Attributes

    auth_value: 3a050df92d0cf082b2cdaf87863616be

Targets

    • Target

      file.exe

    • Size

      2.1MB

    • MD5

      20b59285f6427a8052410595ecd699d4

    • SHA1

      e11acaff7f7b25c8c04b011979f57e0c82df83bc

    • SHA256

      ed58b879ba33504b8994151c6bb34ce81d2b2f41645da9ffe4431375ed2328fd

    • SHA512

      04ae97a361ec16c3f87a961563dc0483d44eef31be937c791bf06f1a19717121615f27be556294482b5f69ddcc4ce37a9dbe05c978e93a4a89cd143251bf25a9

    • SSDEEP

      49152:V5OyUCmRByfzvY1gep8iIzjtv8QOIo1xH5KMvLuW:V54CCBcvY+ziIXtv8HIonZ7

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks