General

  • Target: file.exe
  • Size: 981KB
  • Sample: 230301-q2ypysgd49
  • MD5: 94dfc891aa27419d37423d70ac220e5e
  • SHA1: 3dafb9931ec6a1cad4c4d3482ce7db69c64ad633
  • SHA256: 4c6f4d45b31c11bd43480add5933406341980f7ee019b8473d653cad13e024f3
  • SHA512: b9d1de333ae51d53fa86e17e2f9436b0541194a0feabe2fc371385e9967b954c023979c730cdb7ecb158ff05a01d8eedfe60d736190a4a132ff54d88c3271f9d
  • SSDEEP: 24576:0NA3R5drX/W17yVwwBe+qZPAOnt/yXh89WgYh+mKE2:V5O17kwwM+qZPVt/hFE2

Malware Config

Extracted

  • Family: redline
  • Botnet: LogsDiller Cloud (TG: @logsdillabot)
  • C2: 51.89.204.181:22299
  • Attributes
    • auth_value: 3a050df92d0cf082b2cdaf87863616be

Targets


    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
    • Executes dropped EXE
    • Loads dropped DLL
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Suspicious use of SetThreadContext
