Overview

overview

10

Static

static

10

520-94-0x0...ry.exe

windows7-x64

520-94-0x0...ry.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    520-94-0x0000000000230000-0x0000000000BA2000-memory.dmp

  • Size

    9.4MB

  • Sample

    230328-smjctsdd3x

  • MD5

    e1e56585152a2dcb581105339d0ee454

  • SHA1

    f402d6b874273d99aef0b6db1f49ed12538fea28

  • SHA256

    bbc18dde3ed21e51e97e0187f63a2b8787ef3be6c3070e915497c66bfc179187

  • SHA512

    1189ad59a3cdbb258f1e73b8c4369502300c3646171fde7fe90dbeb2436a49ddda99fd1d5c39732705a97811f0e6353fcf475626f32cbb70768fa2602cdaac43

  • SSDEEP

    196608:2QQZN6NLt86pyG1YYR3oSzi6jPdvHa7ZO4N9/YsYWVvT3q:2qNLfS0iSZyFN9gsPb3q

Score
10/10
redlinelogsdiller cloud (telegram: @logsdillabot)discoveryinfostealerspywarestealerthemida

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (Telegram: @logsdillabot)

C2

51.210.161.21:36108

Attributes
  • auth_value

    c2955ed3813a798683a185a82e949f88

Targets

    • Target

      520-94-0x0000000000230000-0x0000000000BA2000-memory.dmp

    • Size

      9.4MB

    • MD5

      e1e56585152a2dcb581105339d0ee454

    • SHA1

      f402d6b874273d99aef0b6db1f49ed12538fea28

    • SHA256

      bbc18dde3ed21e51e97e0187f63a2b8787ef3be6c3070e915497c66bfc179187

    • SHA512

      1189ad59a3cdbb258f1e73b8c4369502300c3646171fde7fe90dbeb2436a49ddda99fd1d5c39732705a97811f0e6353fcf475626f32cbb70768fa2602cdaac43

    • SSDEEP

      196608:2QQZN6NLt86pyG1YYR3oSzi6jPdvHa7ZO4N9/YsYWVvT3q:2qNLfS0iSZyFN9gsPb3q

    Score
    10/10
    redlinelogsdiller cloud (telegram: @logsdillabot)discoveryinfostealerspywarestealerthemida

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks