redline | d11d05f8a25f446990e9e2d7ea4040829d529371622068e2192395f44566d77c | Triage

Sharing

General

Target

93.exe
Size

992KB
Sample

230319-b1zhjaed48
MD5

ef96161362524c8c286e952471f9fa1a
SHA1

fe32786fce97cc4f6a95ced4e575c5e5c085edb1
SHA256

d11d05f8a25f446990e9e2d7ea4040829d529371622068e2192395f44566d77c
SHA512

e3ffcebb0aff06903de5270f769d2058f9963860eb3f5b382bb73236e659c9af68bb43f91ff0ab1fd2049fdefedeca3b7de949d969670b606bd5314580499b75
SSDEEP

24576:KTbBv5rUlIeORxtCYuAgOnouRgSc0YZZMyV9Y7j/ikiHTV4B:8BRe2xYVj+g1zMyVe7jZkTm

Score

10^/10

redline logsdiller cloud (buy sub: @logsdillabot)infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (Buy Sub: @logsdillabot)

C2

51.89.204.181:22299

Attributes

auth_value
c58b36bf9ece1a6b9aa0c5080c9f7a04

Targets

- Target
  
  93.exe
- Size
  
  992KB
- MD5
  
  ef96161362524c8c286e952471f9fa1a
- SHA1
  
  fe32786fce97cc4f6a95ced4e575c5e5c085edb1
- SHA256
  
  d11d05f8a25f446990e9e2d7ea4040829d529371622068e2192395f44566d77c
- SHA512
  
  e3ffcebb0aff06903de5270f769d2058f9963860eb3f5b382bb73236e659c9af68bb43f91ff0ab1fd2049fdefedeca3b7de949d969670b606bd5314580499b75
- SSDEEP
  
  24576:KTbBv5rUlIeORxtCYuAgOnouRgSc0YZZMyV9Y7j/ikiHTV4B:8BRe2xYVj+g1zMyVe7jZkTm
Score

10^/10

redline logsdiller cloud (buy sub: @logsdillabot)infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinelogsdiller cloud (buy sub: @logsdillabot)infostealerspywarestealer

behavioral2

redlinelogsdiller cloud (buy sub: @logsdillabot)infostealerspywarestealer