General

  • Target

    d1f49df89aca3edea95b6cea14f288c084c17c7acdef5b701a3820f6ea122f8b

  • Size

    702KB

  • Sample

    230922-ewxpxsch4t

  • MD5

    05015e867556f115a954724cdfd8ef0c

  • SHA1

    b6170879fc31663cb4f74c5c397875a0ed22bb5e

  • SHA256

    d1f49df89aca3edea95b6cea14f288c084c17c7acdef5b701a3820f6ea122f8b

  • SHA512

    3b040e8022eef2c902714cb2bf0b51bc73354008b07afcb9ed310493c1f5895a0aed9b2543dcb66db020dece48bbc9f6c0e79b0ee0fc932fb96f057b031dc0ed

  • SSDEEP

    6144:i42shISlGy/QgBhgPfgjadztfdeVc4uVQfo2V2Q+KfuJxxREfdacUUq1csC:h2shISH/QgoPfg44uVQfoC2Q+guqAC

Malware Config

Extracted

  • Family

    redline

  • Botnet

    LogsDiller Cloud (TG: @logsdillabot)

  • C2

    51.38.95.107:42494

  • Attributes

    • auth_value

      3a050df92d0cf082b2cdaf87863616be

Targets

    • Target

      d1f49df89aca3edea95b6cea14f288c084c17c7acdef5b701a3820f6ea122f8b

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks