General

  • Target

    123.exe

  • Size

    1.2MB

  • Sample

    230303-myz7tsgf3v

  • MD5

    8494ca7ab9449d75b140c54e991728a5

  • SHA1

    15f141e605256e13efc543a2db1b672d1df3b8bf

  • SHA256

    cea75be39f6e0ba0a4d42a5d00ae4b4cfade28e7ed28d7fb28bc41bbb3bd4734

  • SHA512

    827868f9e1c13800942782ccaa46730f02cd9741596a1e38e65cb061d4cc5d9a4317caeedb99b5509b76e473c81439a11ddbb1a2292e8e3d1da0ad55cd20994a

  • SSDEEP

    6144:FtrS3bB2cu6reOGSAOykliQ0WTUkE4zgiQ:i3bBbqSIkliTWokE48i

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

51.89.204.181:22299

Attributes
  • auth_value

    3a050df92d0cf082b2cdaf87863616be
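The hashes and the C2 endpoint above are the indicators a responder actually consumes. The following script, added here as an illustration and not part of the Triage report, turns them into two checks: exact-hash matching of a file's contents against all four digests, and scanning connection logs for the extracted C2. The log line format and the sample lines are constructed for the example; the helper names are assumptions.

```python
import hashlib
import re
from typing import Iterable

# Indicators copied from the report above (sample 230303-myz7tsgf3v).
# The helpers and the log format below are added for illustration only.
IOC_HASHES = {
    "md5": "8494ca7ab9449d75b140c54e991728a5",
    "sha1": "15f141e605256e13efc543a2db1b672d1df3b8bf",
    "sha256": "cea75be39f6e0ba0a4d42a5d00ae4b4cfade28e7ed28d7fb28bc41bbb3bd4734",
    "sha512": (
        "827868f9e1c13800942782ccaa46730f02cd9741596a1e38e65cb061d4cc5d9a"
        "4317caeedb99b5509b76e473c81439a11ddbb1a2292e8e3d1da0ad55cd20994a"
    ),
}
IOC_C2_IP, IOC_C2_PORT = "51.89.204.181", 22299


def hash_bytes(data: bytes) -> dict:
    """Compute every digest the report lists for the given file contents."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in IOC_HASHES}


def match_sample(data: bytes) -> set:
    """Return the names of the algorithms whose digest equals the report's value.

    An empty set means the file is not this exact sample. Repacked or
    recompiled RedLine builds will not match on any exact hash, so a miss
    here rules out only this one binary, not the family.
    """
    digests = hash_bytes(data)
    return {algo for algo, value in digests.items() if value == IOC_HASHES[algo]}


# Constructed key=value firewall log format used only for this example.
_LOG_RE = re.compile(
    r"src=(?P<src>[\d.]+):(?P<sport>\d+)\s+dst=(?P<dst>[\d.]+):(?P<dport>\d+)"
)


def find_c2_connections(log_lines: Iterable[str]) -> list:
    """Flag connections to the extracted C2.

    exact=True means both IP and port matched the config. exact=False means
    the IP matched on another port; the C2 port differs between RedLine
    builds, so those hits are worth reviewing rather than discarding.
    """
    hits = []
    for line in log_lines:
        m = _LOG_RE.search(line)
        if not m or m.group("dst") != IOC_C2_IP:
            continue
        hits.append({
            "src": m.group("src"),
            "dst": f"{m.group('dst')}:{m.group('dport')}",
            "exact": int(m.group("dport")) == IOC_C2_PORT,
        })
    return hits


# Constructed sample log lines (not from the report).
SAMPLE_LOG = [
    "2023-03-03T09:12:01Z action=allow src=10.0.0.23:49212 dst=51.89.204.181:22299 proto=tcp",
    "2023-03-03T09:12:05Z action=allow src=10.0.0.23:49213 dst=142.250.74.46:443 proto=tcp",
    "2023-03-03T09:15:40Z action=allow src=10.0.0.41:50110 dst=51.89.204.181:8080 proto=tcp",
]

if __name__ == "__main__":
    # With a placeholder buffer instead of the real sample, no digest matches.
    print(match_sample(b"not the sample"))
    for hit in find_c2_connections(SAMPLE_LOG):
        print(hit)
```

Fuzzy matching against the SSDEEP value in the report needs the ssdeep library (or a pure-Python port) and is not shown here; exact hashes are useful for confirming this specific file, while the C2 IP and the `auth_value` are the indicators that tend to survive repacking.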

Targets

    • Target

      123.exe

    • Size

      1.2MB

    • MD5

      8494ca7ab9449d75b140c54e991728a5

    • SHA1

      15f141e605256e13efc543a2db1b672d1df3b8bf

    • SHA256

      cea75be39f6e0ba0a4d42a5d00ae4b4cfade28e7ed28d7fb28bc41bbb3bd4734

    • SHA512

      827868f9e1c13800942782ccaa46730f02cd9741596a1e38e65cb061d4cc5d9a4317caeedb99b5509b76e473c81439a11ddbb1a2292e8e3d1da0ad55cd20994a

    • SSDEEP

      6144:FtrS3bB2cu6reOGSAOykliQ0WTUkE4zgiQ:i3bBbqSIkliTWokE48i

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext
