General

  • Target

    a52dd05dfaa0f47bc084584db0f2ada790764b6332ec85cb36ae1301aa72af5f

  • Size

    1.1MB

  • Sample

    230314-w9pd5shb59

  • MD5

    2bd999eaee31ea5fadf06fa97bb96d88

  • SHA1

    f312c1506848d4cf648286ee7e79c5562e112683

  • SHA256

    a52dd05dfaa0f47bc084584db0f2ada790764b6332ec85cb36ae1301aa72af5f

  • SHA512

    72cfb60ea3fe021759724030a062efb43aa2005996b03fc7d1d5c1bb8ab7bf4bd93f30bc08aeedf10139dc282b3b66c6ece768237e2489663f175c0e02702f38

  • SSDEEP

    6144:DQInIYF4l9rZmvvCjAO9V0UHk8CnTErrFnPPdWYwmwLI:DD1Gl9rtnrZh5wc

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

51.89.204.181:22299

Attributes

  • auth_value

    3a050df92d0cf082b2cdaf87863616be

Targets

    • Target

      a52dd05dfaa0f47bc084584db0f2ada790764b6332ec85cb36ae1301aa72af5f

    • Size

      1.1MB

    • MD5

      2bd999eaee31ea5fadf06fa97bb96d88

    • SHA1

      f312c1506848d4cf648286ee7e79c5562e112683

    • SHA256

      a52dd05dfaa0f47bc084584db0f2ada790764b6332ec85cb36ae1301aa72af5f

    • SHA512

      72cfb60ea3fe021759724030a062efb43aa2005996b03fc7d1d5c1bb8ab7bf4bd93f30bc08aeedf10139dc282b3b66c6ece768237e2489663f175c0e02702f38

    • SSDEEP

      6144:DQInIYF4l9rZmvvCjAO9V0UHk8CnTErrFnPPdWYwmwLI:DD1Gl9rtnrZh5wc

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks