General

  • Target

    e723a885c956656a53216d854afcc6de

  • Size

    1.5MB

  • Sample

    230320-aqdbwaah23

  • MD5

    e723a885c956656a53216d854afcc6de

  • SHA1

    845f8b52510c1714e2f5585edc028b19a90b6b33

  • SHA256

    ef29ff02580dea58092f579ac3fa01f9cd6acba051b430d174dc417b9b73a715

  • SHA512

    1031f1102731bea5bc78de0902aeb0517b34518077013ec1a1af1abbb1d59834a99f31f680b65567c874ae7f5880426154fc09b1d665d73fb39dea503d03fcc9

  • SSDEEP

    24576:0NA3R5drX/WCaG+q5Pr6q05Eu83pOB08yygFI2xjdgqAaxwk6zTl+TI926ISnEo:V5OCaG+/+t3H8ydVjd3AauTY6IQEo

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

51.89.204.181:22299

Attributes

  • auth_value

    3a050df92d0cf082b2cdaf87863616be

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks