General

  • Target

    7afdf95356b866cd9655939cece6b4b394aaaada722669db5fd1b324f47171fe

  • Size

    992KB

  • Sample

    230408-hweqwscb96

  • MD5

    d0966ed4ab92da20727b209e46fa8001

  • SHA1

    d91b4a235bc0b4ccd81b55daa2443f078084bad3

  • SHA256

    7afdf95356b866cd9655939cece6b4b394aaaada722669db5fd1b324f47171fe

  • SHA512

    7da4f1d454dcc7a4f2125a057b524a9dba9ae2147848e5b47a01c56eece242d9c92505aa2bf9ab9b9964f7d5fda63e0ca2a39fc1f32ee5b15470d1262ee12006

  • SSDEEP

    24576:uTbBv5rUlIMgrjMUHTdv9UeRSdRW4goi3qxNIRBCVqPU+3+MS:QBRMgrjMUHTdSeREXg96DYYqPL

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

51.89.204.181:22299

Attributes
  • auth_value

    3a050df92d0cf082b2cdaf87863616be

Targets

    • Target

      7afdf95356b866cd9655939cece6b4b394aaaada722669db5fd1b324f47171fe

    • Size

      992KB

    • MD5

      d0966ed4ab92da20727b209e46fa8001

    • SHA1

      d91b4a235bc0b4ccd81b55daa2443f078084bad3

    • SHA256

      7afdf95356b866cd9655939cece6b4b394aaaada722669db5fd1b324f47171fe

    • SHA512

      7da4f1d454dcc7a4f2125a057b524a9dba9ae2147848e5b47a01c56eece242d9c92505aa2bf9ab9b9964f7d5fda63e0ca2a39fc1f32ee5b15470d1262ee12006

    • SSDEEP

      24576:uTbBv5rUlIMgrjMUHTdv9UeRSdRW4goi3qxNIRBCVqPU+3+MS:QBRMgrjMUHTdSeREXg96DYYqPL

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks