General

  • Target: file.exe
  • Size: 1.1MB
  • Sample: 230227-tqs7waec4x
  • MD5: 0deb9ddb90ed50f5823dcf579fdc406a
  • SHA1: 92fb5d923bdcee4c0a531d5e2f8e4fe3d4610cbc
  • SHA256: 48ed2056ad5f419e1a9d7d2f5ad17b3623324ce06464d6bf4e05394e3be843fd
  • SHA512: 8d9a24ca62033a8b2701d14ac58e4681b488a43dd410ab1b89c90567bc305319294ba80b848380d8c3a40f9642e25c5bf18544d10bf6e08d735c6bb78420fe80
  • SSDEEP: 6144:wr4XDXiN9smJJzsOqxGLpt9LAair/ulc/uERsSq9+iz7l4sX:w8XD1OqG2/ulc/ussSq9+iCsX

Malware Config

Extracted
  • Family: redline
  • Botnet: LogsDiller Cloud (TG: @logsdillabot)
  • C2: 51.89.204.181:22299

Attributes
  • auth_value: 3a050df92d0cf082b2cdaf87863616be

Targets

    • Target: file.exe
    • Size: 1.1MB
    • MD5: 0deb9ddb90ed50f5823dcf579fdc406a
    • SHA1: 92fb5d923bdcee4c0a531d5e2f8e4fe3d4610cbc
    • SHA256: 48ed2056ad5f419e1a9d7d2f5ad17b3623324ce06464d6bf4e05394e3be843fd
    • SHA512: 8d9a24ca62033a8b2701d14ac58e4681b488a43dd410ab1b89c90567bc305319294ba80b848380d8c3a40f9642e25c5bf18544d10bf6e08d735c6bb78420fe80
    • SSDEEP: 6144:wr4XDXiN9smJJzsOqxGLpt9LAair/ulc/uERsSq9+iz7l4sX:w8XD1OqG2/ulc/ussSq9+iCsX
    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks