General

  • Target

    367d2756c150660b8a10eb4cc9b9156c

  • Size

    931KB

  • Sample

    230320-am1yrsag83

  • MD5

    367d2756c150660b8a10eb4cc9b9156c

  • SHA1

    fbecfbef0552baf1e1d020111e682c28c447550d

  • SHA256

    eafe8943fb59601a8fde733bca989392136027e61bf84210ff2cfa95a124e581

  • SHA512

    67e1d25a9f1f381a54102c8afc9d8ad81dc8119167ebe01031cb8f81cf528b679c3afd559147148565ee307a0dc0d8e166d1ea129d08242941fe2eb04102a365

  • SSDEEP

    24576:0NA3R5drX/WpprqbVBnEv32hU40T96UQU7:V5OppCNEv3jn6U/7

Malware Config

Extracted

  • Family

    redline

  • Botnet

    LogsDiller Cloud (TG: @logsdillabot)

  • C2

    51.89.204.181:22299

  • Attributes

    auth_value: 3a050df92d0cf082b2cdaf87863616be

Targets


    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks