General

  • Target: file.exe
  • Size: 1.3MB
  • Sample: 230225-p872jadc74
  • MD5: 9c517ef5a9a99285db8595eba148e6f4
  • SHA1: 7ad74dfe2181019f5954af8e36c78d7edd287b31
  • SHA256: 549955d44dccd997f7b3a5d941bf0a3b365e42aba32ffe7a8d89e94cd475137d
  • SHA512: 2625da84dd981db546b7363b1d72ea708f907de4c94ff07d132594ac235e81ec6fa4aee72c571c5fb335cf7c21c4c432f2c175babfac8723a0a9d693a4957200
  • SSDEEP: 12288:367MlzTvUuXkFho5+t1BSIdreBaHcDDG45H3jAsgwWiGuIu:GgzTUmKUWV

Malware Config

Extracted

  • Family: redline
  • Botnet: LogsDiller Cloud (TG: @logsdillabot)
  • C2: 51.89.204.181:22299
  • Attributes
    • auth_value: 3a050df92d0cf082b2cdaf87863616be

Targets

    • Target: file.exe

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks