General

  • Target: d402aec3dc56d6b77d17685e5c6ba4ca.bin
  • Size: 240KB
  • Sample: 230610-ct9wcseg5v
  • MD5: 0442004556190a5a77233337d59707cc
  • SHA1: a025e3791bbe12a4302dce38f56030337bdaf032
  • SHA256: f755e2eb33908192d563d87f0ff6fbb722fbb2b8561cfe9bf383cdb291d8fe85
  • SHA512: 0fc7d73ec274f2ea292e8b6d2d6861f63c50b718a4c323f72be1fc5bcf90f76bdd8733489ed2672c1ba90bed9cbc0544a537a389bdea0d4b25680caa75115d1e
  • SSDEEP: 6144:AUDagutTSj9F76573aSxMvWZD3uC50fBFiz:riSjH767jkSq7iz

Malware Config

Extracted

  • Family: redline
  • Botnet: LogsDiller Cloud (Telegram: @logsdillabot)
  • C2: 147.135.231.58:39396
  • Attributes
    • auth_value: c2955ed3813a798683a185a82e949f88

Targets

    • Target: 02faea4481281e7d6e4bd48f06e969b6a9854d4746525af6ccae7a9748b49b95.exe
    • Size: 366KB
    • MD5: d402aec3dc56d6b77d17685e5c6ba4ca
    • SHA1: f867b9cc5aebc7e842c2201b0ace55f311d8b49d
    • SHA256: 02faea4481281e7d6e4bd48f06e969b6a9854d4746525af6ccae7a9748b49b95
    • SHA512: 4dcd96e71fc802ff60043ee8867a4f05e70ee6a6fb7948f30499b48963aba490af6b3cc1096e694965e8336c466cfff08fd73fd2a0ac70a8d9e7444bc3581466
    • SSDEEP: 6144:T542pYxE5tayWiTndiZI1sxgsHwtjahCaJHhgsq:T+2paUayWcnIZIEgvabg

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access
    • Credentials in Files (T1081): 2

  • Discovery
    • Query Registry (T1012): 1

  • Collection
    • Data from Local System (T1005): 2
