General

  • Target

    file

  • Size

    1.4MB

  • Sample

    230226-wzcmlahg48

  • MD5

    d4c28033493d42ee0f3504e163185d86

  • SHA1

    e1a5d924878e38334fd2af17fb710d54a8fd1b38

  • SHA256

    87517abbcad09f64261b35b8379f5766819749008ca1e146082fccf99872002d

  • SHA512

    bbed46cd3bf32e2483b08f03c2d1b32da2a47cb48ada189004cae7b9ddfc5858c0bc7aeae4b8781bd00fd580c7328ad23968862fac352708fd9112de7ca88bdf

  • SSDEEP

    6144:ATlRsO3DlYaypWrIFYgj2NQHpg3+K+a6SICMl5WJuh/cn:ATlR6aUlFY+2NKOlICdCcn

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

51.89.204.181:22299

Attributes
  • auth_value

    3a050df92d0cf082b2cdaf87863616be
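The extracted config and the hashes above are directly usable as indicators. The following is an added example, not part of the sandbox report: a small Python IOC sweep that (a) hashes a file with the four algorithms the report lists and says which of the report's values it matches, and (b) scans connection logs for traffic to the RedLine C2 at 51.89.204.181:22299. The hash and C2 values are copied from this page; the log lines and the `src=`/`dst=` log format are constructed for the example and are an assumption about your own log source.

```python
import hashlib
import re
import sys

# Indicators copied from the report above (sample 230226-wzcmlahg48).
IOC_HASHES = {
    "md5": "d4c28033493d42ee0f3504e163185d86",
    "sha1": "e1a5d924878e38334fd2af17fb710d54a8fd1b38",
    "sha256": "87517abbcad09f64261b35b8379f5766819749008ca1e146082fccf99872002d",
    "sha512": "bbed46cd3bf32e2483b08f03c2d1b32da2a47cb48ada189004cae7b9ddfc5858"
              "c0bc7aeae4b8781bd00fd580c7328ad23968862fac352708fd9112de7ca88bdf",
}
C2_HOST, C2_PORT = "51.89.204.181", 22299


def digest_bytes(data: bytes) -> dict:
    """Compute the four digests the report lists, as lower-case hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in IOC_HASHES}


def digest_file(path: str, chunk: int = 1 << 20) -> dict:
    """Stream a file through all four hashes in one pass (cheap for large files)."""
    hashers = {name: hashlib.new(name) for name in IOC_HASHES}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matching_algorithms(digests: dict) -> list:
    """Names of the algorithms whose digest equals the report's value (empty = no match).
    Comparing every algorithm separately makes a one-off collision obvious."""
    return sorted(name for name, value in digests.items()
                  if IOC_HASHES.get(name) == value.lower())


# Constructed firewall-style log lines (assumed format, not from the report).
SAMPLE_LOG = """\
2023-02-26T10:01:12Z src=10.0.0.5:51234 dst=51.89.204.181:22299 proto=tcp action=allow
2023-02-26T10:01:14Z src=10.0.0.5:51235 dst=51.89.204.181:443 proto=tcp action=allow
2023-02-26T10:02:01Z src=10.0.0.7:49812 dst=93.184.216.34:80 proto=tcp action=allow
2023-02-26T10:03:40Z src=10.0.0.9:50001 dst=51.89.204.181:22299 proto=tcp action=deny
"""

_DST_RE = re.compile(r"\bdst=(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\b")


def find_c2_connections(log_text: str, host: str = C2_HOST, port: int = C2_PORT) -> list:
    """Every log line whose destination is the C2 host.

    'exact' is True when the destination port also equals the configured C2 port.
    Lines to the same host on another port are still returned (the host may be
    reused or the port rotated) but flagged exact=False so they rank lower in triage."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        m = _DST_RE.search(line)
        if not m or m.group("ip") != host:
            continue
        src = re.search(r"\bsrc=(\S+)", line)
        hits.append({"line": n,
                     "src": src.group(1) if src else "",
                     "exact": int(m.group("port")) == port})
    return hits


if __name__ == "__main__":
    # Usage: python ioc_sweep.py <file-to-hash> [connection-log]
    if len(sys.argv) > 1:
        print("hash match:", matching_algorithms(digest_file(sys.argv[1])) or "none")
    log = open(sys.argv[2]).read() if len(sys.argv) > 2 else SAMPLE_LOG
    for hit in find_c2_connections(log):
        print(f"line {hit['line']}: {hit['src']} -> {C2_HOST} exact_port={hit['exact']}")
```

Match on the SHA256 (or all four) rather than MD5 alone when blocking; the MD5 is listed for compatibility with older feeds. The port check matters because the C2 is a plain TCP listener on the port in the extracted config, so a hit on 51.89.204.181:22299 is far stronger evidence than any traffic to that address.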

Targets

    • Target

      file

    • Size

      1.4MB

    • MD5

      d4c28033493d42ee0f3504e163185d86

    • SHA1

      e1a5d924878e38334fd2af17fb710d54a8fd1b38

    • SHA256

      87517abbcad09f64261b35b8379f5766819749008ca1e146082fccf99872002d

    • SHA512

      bbed46cd3bf32e2483b08f03c2d1b32da2a47cb48ada189004cae7b9ddfc5858c0bc7aeae4b8781bd00fd580c7328ad23968862fac352708fd9112de7ca88bdf

    • SSDEEP

      6144:ATlRsO3DlYaypWrIFYgj2NQHpg3+K+a6SICMl5WJuh/cn:ATlR6aUlFY+2NKOlICdCcn

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext (rewriting a thread's context is a common step in process hollowing and other code-injection techniques, where a new image is mapped into a suspended process before its main thread is resumed)

MITRE ATT&CK Enterprise v6

Tasks