Overview

overview

10

Static

static

3

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    file

  • Size

    804KB

  • Sample

    230821-chn5hsac49

  • MD5

    7fee772359eebfc7325fc47595ba585f

  • SHA1

    9d078b8928a927ea394f72d205aaf88b7bb0ee82

  • SHA256

    b106a69dc034910468926bd1e55f030a60cafdc2bf1af8f1cd5d683c110eb8ae

  • SHA512

    cf7e38a6e4119f52b79df7672d43c3144e8783fe519c6b2d407f4847cefe0b04c7441f3c8fa834af2edfea6a1396f02f19033fc11437ad155766882709443c68

  • SSDEEP

    24576:b756pE2VWHv6xRRZyPg2mRkH1xnfN4dUjL8lKaj:b7KVWHv6xJyPBxnFaUjL8lKW

Score
10/10
redlinelogsdiller cloud (buy: @logsdillabot)infostealerspyware

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (Buy: @logsdillabot)

C2

149.202.0.242:31728

Attributes
  • auth_value

    18f282243ca918bb8571dc26addba30e

Targets

    • Target

      file

    • Size

      804KB

    • MD5

      7fee772359eebfc7325fc47595ba585f

    • SHA1

      9d078b8928a927ea394f72d205aaf88b7bb0ee82

    • SHA256

      b106a69dc034910468926bd1e55f030a60cafdc2bf1af8f1cd5d683c110eb8ae

    • SHA512

      cf7e38a6e4119f52b79df7672d43c3144e8783fe519c6b2d407f4847cefe0b04c7441f3c8fa834af2edfea6a1396f02f19033fc11437ad155766882709443c68

    • SSDEEP

      24576:b756pE2VWHv6xRRZyPg2mRkH1xnfN4dUjL8lKaj:b7KVWHv6xJyPBxnFaUjL8lKW

    Score
    10/10
    redlinelogsdiller cloud (buy: @logsdillabot)infostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Uses the VBS compiler for execution

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks