General

  • Target: 4f5949d4f29acac886fc57e87649c031edcb2e0b675fd9537b5e3fc736b93edf_JC.exe
  • Size: 382KB
  • Sample: 230912-p6rlrsce8v
  • MD5: 2b498b3902d5116128b410a3ed895559
  • SHA1: c3eb741abfc77173d465d1eb06f1d9ef79df6efc
  • SHA256: 4f5949d4f29acac886fc57e87649c031edcb2e0b675fd9537b5e3fc736b93edf
  • SHA512: 66e7dd7893d15640967bfc33a5eddb055dacf2e19a54357137dc0e2ccbff20f6437c27a2f4b0cf6e13ac0d3c343661769c632ad59c63684880850217a3eada55
  • SSDEEP: 6144:4AtRVdU5tKqCVkYdkEktqoigAOzbCB4UM6R3czV2vcD3iLHrBi:4D5tHCOPfVXUM6R3sVUCurBi

Malware Config

Extracted

  • Family: redline
  • Botnet: LogsDiller Cloud (TG: @logsdillabot)
  • C2: 51.38.95.107:42494
  • Attributes
    • auth_value: 3a050df92d0cf082b2cdaf87863616be

Targets

    • Target: 4f5949d4f29acac886fc57e87649c031edcb2e0b675fd9537b5e3fc736b93edf_JC.exe

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks