redline | 17d42381937054b8467336c1cfec07b38afe9d7cce350a8c1e9b5e294807a916 | Triage

Sharing

General

Target

dc4af13653424361c3cf615cdfff3afa.bin
Size

232KB
Sample

230717-cjzbwahg96
MD5

2fa6370cf57b02f9954e2a0b82ed8d79
SHA1

b94f1331837db5d5fab9d4b36afdfbca36f45155
SHA256

17d42381937054b8467336c1cfec07b38afe9d7cce350a8c1e9b5e294807a916
SHA512

6732aaa80d07f691d31b39c61aa80fdc441dc2344895f4fdd123bb78da3fb0fcf24f67fa8ec0ade4877dbae00d2f06d5fe7bb78ca9243e2db51a15fcf6008eb0
SSDEEP

6144:IIvrgbxUXlFVVXPC7rwwl+ddduWgsl+829KP799L:NrgbxorXE7YhuVsJ2Y77

Score

10^/10

redline logsdiller cloud (telegram: @logsdillabot)infostealer

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (Telegram: @logsdillabot)

C2

213.32.110.216:23067

Attributes

auth_value
c2955ed3813a798683a185a82e949f88

Targets

- Target
  
  2748995dd79da265db6a23c20365943d3c3632fde874ad56c49915150bd01043.exe
- Size
  
  334KB
- MD5
  
  dc4af13653424361c3cf615cdfff3afa
- SHA1
  
  1194c7654ecd0056e3c87ed9223d62f4380d52c6
- SHA256
  
  2748995dd79da265db6a23c20365943d3c3632fde874ad56c49915150bd01043
- SHA512
  
  850e180167cf3c430d3c5a8ed0ab7d261f368476eb7bef565e106da47e4d3ebc00d452f49f4aa670d065da167ec589a23305becc70323148caec2e719727c684
- SSDEEP
  
  6144:RLOYUsEKB7WUjcsTgaNFsvmCQu4sFjcMaT:Rix9KZWUvgVuCQYHM
Score

10^/10

redline logsdiller cloud (telegram: @logsdillabot)infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinelogsdiller cloud (telegram: @logsdillabot)infostealer

behavioral2