General

  • Target

    file.exe

  • Size

    1.2MB

  • Sample

    230311-tb8n1scb41

  • MD5

    6d601010d087f1f7ae66ac4aa3c9f1b1

  • SHA1

    250580e233b501b7f1f8e74a4ff955a39b4d9f80

  • SHA256

    ae3085ff3a64910dd1835bf490fb946a3e43bca523642dfa2e4e2a93e128a89b

  • SHA512

    ad502f46104f52b00f9ceb2ee4432c614b6db1dfd56af3c6b9c5c05265459658eac1ecfd3fe48555094a69eaab1e5b0b5de825b274dc6393c06b51160de9fe58

  • SSDEEP

    6144:ViguLqwytKj+4Qc6xDAOLlG6x7WyRiDeY:VfuLqwR+NxDR0Te

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

51.89.204.181:22299

Attributes
  • auth_value

    3a050df92d0cf082b2cdaf87863616be
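The extracted config above is the most actionable part of the report: the C2 socket is a network indicator you can sweep logs for today, and the auth_value string identifies the build so other samples that report the same value can be grouped with this one. Below is an added example (not part of the sandbox report, and not the sandbox's own code) that turns those values into a small matcher and runs it over a few constructed firewall-style log lines; the log format, the function names and the log lines themselves are assumptions made for the example, while the indicator values are copied from the report.

```python
"""IoC matcher built from the RedLine config extracted in the report above.

Added example. The indicator values come from the report; the log format and
the log lines are constructed for illustration.
"""
import re

# Indicators copied from the report's Malware Config and General sections.
REDLINE_IOCS = {
    "family": "redline",
    "botnet": "LogsDiller Cloud (TG: @logsdillabot)",
    "auth_value": "3a050df92d0cf082b2cdaf87863616be",   # build identifier, useful for clustering
    "c2": [("51.89.204.181", 22299)],                   # host:port pairs
    "sha256": {"ae3085ff3a64910dd1835bf490fb946a3e43bca523642dfa2e4e2a93e128a89b"},
    "md5": {"6d601010d087f1f7ae66ac4aa3c9f1b1"},
}

# Constructed connection log (not from the report), one line per flow:
# "<timestamp> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <proto>"
SAMPLE_CONN_LOG = """\
2023-03-11T09:12:01Z 10.0.0.5:51234 -> 51.89.204.181:22299 tcp
2023-03-11T09:12:03Z 10.0.0.5:51235 -> 142.250.74.78:443 tcp
2023-03-11T09:12:09Z 10.0.0.9:40001 -> 51.89.204.181:443 tcp
2023-03-11T09:13:00Z 10.0.0.5:51236 -> 51.89.204.181:22299 tcp
"""

CONN_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\S+):(?P<dport>\d+)\s+(?P<proto>\S+)$"
)


def match_c2_connections(log_text, iocs=REDLINE_IOCS, port_strict=True):
    """Return (ts, src_ip, dst_ip, dst_port) for every flow to a listed C2.

    RedLine C2 indicators are host:port pairs. With port_strict=True only the
    exact pair fires; with port_strict=False the host alone is enough, which
    catches port rotation by the operator but will also flag unrelated
    services on the same (possibly shared) host.
    """
    c2_pairs = set(iocs["c2"])
    c2_hosts = {host for host, _ in iocs["c2"]}
    hits = []
    for line in log_text.splitlines():
        m = CONN_RE.match(line.strip())
        if not m:
            continue  # malformed line: skip it rather than abort the sweep
        dst, dport = m["dst"], int(m["dport"])
        if (dst, dport) in c2_pairs or (not port_strict and dst in c2_hosts):
            hits.append((m["ts"], m["src"], dst, dport))
    return hits


def match_file_hashes(record, iocs=REDLINE_IOCS):
    """Return the hash algorithms in `record` (an EDR/file event as a dict of
    lowercase hex digests) whose value equals the sample's digest."""
    return [algo for algo in ("md5", "sha256")
            if record.get(algo, "").lower() in iocs[algo]]


if __name__ == "__main__":
    for hit in match_c2_connections(SAMPLE_CONN_LOG):
        print("C2 contact:", hit)
    print("host-only hits:", len(match_c2_connections(SAMPLE_CONN_LOG, port_strict=False)))
```

Start with the strict host:port match and widen to host-only when you have a reason to believe the operator rotated ports; the two internal hosts in the constructed log show the difference, since only one of them reaches the listed port.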

Targets

    • Target

      file.exe

    • Size

      1.2MB

    • MD5

      6d601010d087f1f7ae66ac4aa3c9f1b1

    • SHA1

      250580e233b501b7f1f8e74a4ff955a39b4d9f80

    • SHA256

      ae3085ff3a64910dd1835bf490fb946a3e43bca523642dfa2e4e2a93e128a89b

    • SHA512

      ad502f46104f52b00f9ceb2ee4432c614b6db1dfd56af3c6b9c5c05265459658eac1ecfd3fe48555094a69eaab1e5b0b5de825b274dc6393c06b51160de9fe58

    • SSDEEP

      6144:ViguLqwytKj+4Qc6xDAOLlG6x7WyRiDeY:VfuLqwR+NxDR0Te

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020. It harvests saved browser credentials, cookies and cryptocurrency wallet files and uploads them to the C2 host:port carried in its configuration.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext (rewriting the thread context of another process, the step that redirects execution in process hollowing and similar injection)
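The two behavioural signatures above are the ones worth replicating in your own telemetry: the SetThreadContext finding is the tail of the usual hollowing chain (process created suspended, memory written into it, thread context rewritten, thread resumed), and the wallet finding is a file-access pattern. The following added example (not code from the report or the sandbox) runs both detections over a constructed API-call trace; the trace format, the process IDs, the file paths and the wallet path list are all assumptions made for the example.

```python
"""Detect process hollowing via SetThreadContext and wallet/credential file
access in an API-call trace.

Added example. The trace lines, PIDs and path hints are constructed for
illustration and do not come from the sandbox report.
"""
import re

# Constructed trace, one call per line: "<pid> <api> key=value ..."
SAMPLE_TRACE = """\
4120 CreateProcessW path=C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegAsm.exe flags=0x4 child_pid=5228
4120 NtUnmapViewOfSection target_pid=5228
4120 VirtualAllocEx target_pid=5228 size=0x1e000 protect=0x40
4120 WriteProcessMemory target_pid=5228 size=0x1e000
4120 SetThreadContext target_pid=5228 tid=5232
4120 ResumeThread target_pid=5228 tid=5232
5228 CreateFileW path=C:\\Users\\victim\\AppData\\Roaming\\Exodus\\exodus.wallet\\seed.seco
5228 CreateFileW path=C:\\Users\\victim\\AppData\\Roaming\\Electrum\\wallets\\default_wallet
5228 CreateFileW path=C:\\Users\\victim\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data
5228 CreateFileW path=C:\\Users\\victim\\Documents\\notes.txt
"""

CREATE_SUSPENDED = 0x4  # CreateProcess dwCreationFlags bit

# Ordered chain that must be seen from one parent against one child.
# NtUnmapViewOfSection / VirtualAllocEx are common but optional, so they are
# not required steps.
HOLLOW_CHAIN = ("CreateProcessW", "WriteProcessMemory", "SetThreadContext", "ResumeThread")

# Path fragments for wallet stores and browser credential databases
# (constructed, lowercase; extend from the wallet locations you care about).
WALLET_PATH_HINTS = ("\\exodus\\", "\\electrum\\", "\\atomic\\", "\\bitcoin\\", "\\armory\\")
CRED_PATH_HINTS = ("\\login data", "\\logins.json", "\\key4.db")

LINE_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<api>\w+)\s*(?P<args>.*)$")
ARG_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")  # values may contain spaces


def parse_trace(trace):
    """Yield (pid, api, args_dict) per well-formed line; skip the rest."""
    for line in trace.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m["pid"], m["api"], dict(ARG_RE.findall(m["args"]))


def detect_process_hollowing(trace):
    """Return [{'parent': pid, 'child': pid}] for every completed chain.

    State is kept per (parent, child) pair and only advances when the next
    expected API in HOLLOW_CHAIN is called, so unrelated calls in between
    do not reset or fake progress.
    """
    progress, hits = {}, []
    for pid, api, args in parse_trace(trace):
        if api == HOLLOW_CHAIN[0]:
            flags = int(args.get("flags", "0"), 16)
            if flags & CREATE_SUSPENDED and "child_pid" in args:
                progress[(pid, args["child_pid"])] = 1
            continue
        key = (pid, args.get("target_pid"))
        if key in progress and api == HOLLOW_CHAIN[progress[key]]:
            progress[key] += 1
            if progress[key] == len(HOLLOW_CHAIN):
                hits.append({"parent": pid, "child": key[1]})
                del progress[key]
    return hits


def detect_wallet_access(trace):
    """Return (pid, category, path) for file opens that touch wallet stores
    or browser credential databases."""
    hits = []
    for pid, api, args in parse_trace(trace):
        if api not in ("CreateFileW", "CreateFileA", "NtCreateFile"):
            continue
        path = args.get("path", "")
        lowered = path.lower()
        if any(h in lowered for h in WALLET_PATH_HINTS):
            hits.append((pid, "wallet", path))
        elif any(h in lowered for h in CRED_PATH_HINTS):
            hits.append((pid, "credential_store", path))
    return hits


if __name__ == "__main__":
    print("hollowing:", detect_process_hollowing(SAMPLE_TRACE))
    for hit in detect_wallet_access(SAMPLE_TRACE):
        print("file access:", hit)
```

Note that the wallet reads in the constructed trace come from the child PID, not the process that performed the injection; correlating the two detections on the parent/child link is what turns two medium-confidence findings into one high-confidence stealer verdict.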

MITRE ATT&CK Enterprise v6

Tasks