General

  • Target

    244982d45d69eff9af5620eed85c3ec725f7446b50ba3ac64ec2ca883c5f4444.exe

  • Size

    1.5MB

  • Sample

    230405-m6zk9sea73

  • MD5

    46483fa7468e34ce2ddf1f89c282c8c9

  • SHA1

    0dd6b938c8e5c5c1702b9d5929b8cee6b694855b

  • SHA256

    244982d45d69eff9af5620eed85c3ec725f7446b50ba3ac64ec2ca883c5f4444

  • SHA512

    5b580a5bddba8837cfdda63eb1cc04c612a239ea08bac187e8968eff0f983a9ecede552639539047533db951c76456f869ec5f97a11bb24fb17df470aa2eba38

  • SSDEEP

    24576:0NA3R5drX/Wb4b7hdC6fAU6B/AqoUiB7SMoildKv2hJVffhG/8ertiytCv2nUeTE:V5Obuhh44PB77JVI8eJiywqV2pR/

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

51.89.204.181:22299

Attributes

  • auth_value

    3a050df92d0cf082b2cdaf87863616be

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6