General

  • Target

    bd308fdc3dad7b71a15b2ab609a49922.exe

  • Size

    997KB

  • Sample

    230324-hcxscscf83

  • MD5

    bd308fdc3dad7b71a15b2ab609a49922

  • SHA1

    4f6a6cc92d2fdc3b1c7caaacdb4dfbceeb7329a9

  • SHA256

    90655e3b08fb570c3a012f636be8480f8b3a6eace0c39ecb92cddc5e860bc240

  • SHA512

    c792a1559d1b9cb83c013b28627a1e13c124289de8f07979ea4ced1f748b875851ace976f836a1814df965465adc855693915f627560274392ac48f95648fbc2

  • SSDEEP

    12288:FToPWBv/cpGrU3yDT+tjI9tnj1i2+Qrm0OodmKiZ3yxSxiWuq9Hz9MX3oXjJ3LHV:FTbBv5rUlIfj1z+EmcdDykqvTJbHnV

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

51.210.161.21:36108

Attributes

  • auth_value

    3a050df92d0cf082b2cdaf87863616be

Targets

    • Target

      bd308fdc3dad7b71a15b2ab609a49922.exe

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks