General

  • Target

    file.exe

  • Size

    1.5MB

  • Sample

    230228-t4s42abh2w

  • MD5

    da4360b12f0f88c9b17d67c96505e4c5

  • SHA1

    1cd70d78a30236f05e0cef16da51df1ad7f77d1a

  • SHA256

    5bade268b67fbd24241fbc7759697cf2515dc54f4812ffc753e12a3db23945ae

  • SHA512

    3ad660ac538fb67ef32b8e4bcda5c1983aca9fada3b12357afdd53a0daba38d8def7677f65a91f057834997526ce05295c514e2ae160c5a5895fb3b82ff13e48

  • SSDEEP

    6144:dsGMTIQl2t9xKQzAAOf6yqTmwMCWE3rlPl:dfMTIg2xANYTmJC/Pl

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

51.89.204.181:22299

Attributes

  • auth_value

    3a050df92d0cf082b2cdaf87863616be

Targets

    • Target

      file.exe

    • Size

      1.5MB

    • MD5

      da4360b12f0f88c9b17d67c96505e4c5

    • SHA1

      1cd70d78a30236f05e0cef16da51df1ad7f77d1a

    • SHA256

      5bade268b67fbd24241fbc7759697cf2515dc54f4812ffc753e12a3db23945ae

    • SHA512

      3ad660ac538fb67ef32b8e4bcda5c1983aca9fada3b12357afdd53a0daba38d8def7677f65a91f057834997526ce05295c514e2ae160c5a5895fb3b82ff13e48

    • SSDEEP

      6144:dsGMTIQl2t9xKQzAAOf6yqTmwMCWE3rlPl:dfMTIg2xANYTmJC/Pl

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks