General

  • Target

    d6448d3082b315cf8dfa2dbbd9962b2c.exe

  • Size

    342KB

  • Sample

    230810-r5ab7sfd9x

  • MD5

    d6448d3082b315cf8dfa2dbbd9962b2c

  • SHA1

    49bfd5dec78118eef7fb377328ef49bfe18063ae

  • SHA256

    5d6b4e79354059546f003225ed6a08bc4636d66876b714f24440f5568e5e7f81

  • SHA512

    e69d0fbdcb09d2ffdc711668d432d66975d7c654e76854fc6d4112e9a6a0235eef0dc7f1a4f91354a6b16cdb713d2c37c89fe931057b19dfc75009ae648821fa

  • SSDEEP

    6144:2nK3ahuyufDH2Fgn2inVnJkRXIu9xf2/iwtf1:O+Nyu7WFM2UJMw/iO1

Malware Config

Extracted

  • Family

    redline

  • Botnet

    LogsDiller Cloud (TG: @logsdillabot)

  • C2

    136.244.98.226:33587

Attributes

  • auth_value

    3a050df92d0cf082b2cdaf87863616be

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Downloads MZ/PE file

    • Drops file in Drivers directory

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks