General

  • Target

    file.exe

  • Size

    1.2MB

  • Sample

    230309-x4czlabe4t

  • MD5

    af8a3624aa77ab4ec744a8da3b94b088

  • SHA1

    59bf40c93a25ae11ddc963e7439a9b4cf2cf7e3b

  • SHA256

    57435b3537e73c0f03c6dd67256e2b30ab32f673a19f4e0ef4a23844a01dc441

  • SHA512

    09f00a45620c7a555e2782431e3f5236106fb5da6efa9cb6779ef2b4cf68240fabb1399be03552bfff3201f3f1a5dcce94660365e3611b576aa41e02a84ca19d

  • SSDEEP

    6144:UTNQESjsYwNtGiRsAOoS4e/3bw5NFnUBFtAl:mNQESja3sWXe/bw9ePAl

Malware Config

Extracted

  • Family

    redline

  • Botnet

    LogsDiller Cloud (TG: @logsdillabot)

  • C2

    51.89.204.181:22299

  • Attributes

    auth_value: 3a050df92d0cf082b2cdaf87863616be

Targets

    • Target

      file.exe

    • Size

      1.2MB

    • MD5

      af8a3624aa77ab4ec744a8da3b94b088

    • SHA1

      59bf40c93a25ae11ddc963e7439a9b4cf2cf7e3b

    • SHA256

      57435b3537e73c0f03c6dd67256e2b30ab32f673a19f4e0ef4a23844a01dc441

    • SHA512

      09f00a45620c7a555e2782431e3f5236106fb5da6efa9cb6779ef2b4cf68240fabb1399be03552bfff3201f3f1a5dcce94660365e3611b576aa41e02a84ca19d

    • SSDEEP

      6144:UTNQESjsYwNtGiRsAOoS4e/3bw5NFnUBFtAl:mNQESja3sWXe/bw9ePAl

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks