redline | 8b2bd13e6c8e3d7f748bacffa323a049ecc1207cc79396824b786debf22e5b15 | Triage

Submit
Reports

Overview

overview

Static

static

3

d2f321fb9e...48.exe

windows7-x64

d2f321fb9e...48.exe

windows10-2004-x64

Sharing

General

Target

redline_12499579432.zip
Size

347KB
Sample

231024-zhay8aac5s
MD5

197927a8c5fe819ec21f78b68f0a1c43
SHA1

f57e6b64a7b7f18fc14bed28ab938931080fe116
SHA256

8b2bd13e6c8e3d7f748bacffa323a049ecc1207cc79396824b786debf22e5b15
SHA512

a73b0b66bcaeee433d6e504807d3f3fdd9220dd0eef8543204cd50a45c955aff86ac1e1dd8061d75e990230e1551bac4cdb6d8d58d708b85fb9baee187faa333
SSDEEP

6144:En2cwyB0STN6A1r/+fwRamM5NNTi/a010H6d689XMDDrG:62cwyVTN6eC4RtMfB40aM89XMDDrG

Score

10^/10

redline logsdiller cloud (tg: @mr_golds)infostealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d2f321fb9e5150f231d82d0fb0fbf52350cf2edd131ab960601d9b6832a7e248.exe

Resource

win7-20231020-en

redline logsdiller cloud (tg: @mr_golds)infostealer

windows7-x64

7 signatures

600 seconds

Behavioral task

behavioral2

Sample

d2f321fb9e5150f231d82d0fb0fbf52350cf2edd131ab960601d9b6832a7e248.exe

Resource

win10v2004-20231023-en

redline logsdiller cloud (tg: @mr_golds)infostealer

windows10-2004-x64

7 signatures

600 seconds

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @mr_golds)

C2

109.107.185.135:9303

Attributes

auth_value
4b2de03af6b6ac513ac597c2e6c1ad51

Targets

- Target
  
  d2f321fb9e5150f231d82d0fb0fbf52350cf2edd131ab960601d9b6832a7e248
- Size
  
  463KB
- MD5
  
  0d9f444b57f4c8b34a6bc4f89561f943
- SHA1
  
  0b0123d06d46aa035e8f09f537401ccc1ac442e0
- SHA256
  
  d2f321fb9e5150f231d82d0fb0fbf52350cf2edd131ab960601d9b6832a7e248
- SHA512
  
  3164fe048680474c83f9c8a288e709aae321b3bfb0db13d5b28774f382c5448a0b9d31dd1370204b453531e522b697c6acb7b51099fccd834c8216cf1421da08
- SSDEEP
  
  12288:JcrNS33L10QdrXZT+tcWnyrNz+9prWlNW:0NA3R5drX/Wii9Gk
Score

10^/10

redline logsdiller cloud (tg: @mr_golds)infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redlinelogsdiller cloud (tg: @mr_golds)infostealer

behavioral2

redlinelogsdiller cloud (tg: @mr_golds)infostealer

© 2018-2024

Terms | Privacy