redline

General

Target

abc3887732b42b2c1205bab8308fd696.bin
Size

230KB
Sample

230517-btdbqadc68
MD5

e2b3112dacb4bd5c3c4d9773ed57ffac
SHA1

8a168c34521c66cb4f963683913c73e0041b2544
SHA256

b32df73e14e2581015843aefa56ff5da061668420e71438853a6dd3b92e78f16
SHA512

8bb45cb5cd11fd63de5077bdfbac07ccb7264239883e624577c6f1e7e7ec993a6b212acede9031c538665ff0b734caa2c30e06acd1bf5a13b72ef8ee5f10e0bf
SSDEEP

6144:z8lxcvEwtcYFE45092WYEL01TUEgK/GI0rQ0QAdO/CYOGzN3H:z8l+JOYFt09PHwtpOI0rQGy3zhH

Score

10^/10

redline logsdiller cloud (telegram: @logsdillabot)discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (Telegram: @logsdillabot)

C2

178.33.182.70:18918

Attributes

auth_value
c2955ed3813a798683a185a82e949f88

Targets

- Target
  
  cd255ffa7973cee8e0db0cdc9959a616ced95e020a8b92ad503ea309425de033.exe
- Size
  
  323KB
- MD5
  
  abc3887732b42b2c1205bab8308fd696
- SHA1
  
  eafe72d8c7df39bbb47a56e87f2a5d3e7fd90fd8
- SHA256
  
  cd255ffa7973cee8e0db0cdc9959a616ced95e020a8b92ad503ea309425de033
- SHA512
  
  bcd3eb98c6d98d118886ad1caf026dc7d659be5a0eaa149601e4eb6b2f1a6875d894ad6cda837faaa8ac419e96793ba0ec260785e318ca44d487c0e664c1243e
- SSDEEP
  
  6144:NgBWCEC1rnI6nuUIyDyaWQ7akcyMzJhuIUvgKZ:iBWCEC5fLuaWQ7akcyoUf
Score

10^/10

redline logsdiller cloud (telegram: @logsdillabot)discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2

T1081

Discovery

Query Registry

1

T1012

Lateral Movement

Collection

Data from Local System

2

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

RedLine payload

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2