General

  • Target

    file

  • Size

    433KB

  • Sample

    240112-l77slaefg8

  • MD5

    934a149a5b670c176df9151be74c8b7b

  • SHA1

    1801553170cbf0d4511b0e87a3dd8820e5656460

  • SHA256

    ab9f7995b911511781cfb226027d60173f2ab8f6482372f51756fa40d93b2f59

  • SHA512

    23909b107287dbdc5af70e13488a19465353425b56bc43baccbfc38c901632d5cdca9748fa5bf323686e1c01c13874f4d97511bca7d1e8b93ab4fe52178d82b4

  • SSDEEP

    6144:K59M5pbvywa5Tc8QVzMZUi9xKZjIKLBhOILQc/STFloRM213dYBQ2cgyybxFzJeS:f1aN17gZjvBskMhT213Ocgyybxx

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (Telegram: @logsdillabot)

C2

195.20.16.168:34926
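
The extracted family, botnet tag and C2 above are the actionable part of this report. The script below is an added example, not part of the sandbox report or its vendor's tooling: it turns the C2 string and the SHA256 from the General section into concrete checks and runs them over a few constructed log records. The Zeek-style connection lines, the EDR file events, the hostnames and the Suricata `sid` are our own assumptions; only the IOC values are copied from the report.

```python
"""Added example: IOC checks built from the RedLine config extracted above.
Log lines, hostnames and the Suricata sid are constructed for illustration."""
import ipaddress

# IOC values copied from the report above.
REDLINE_C2 = "195.20.16.168:34926"
SAMPLE_SHA256 = "ab9f7995b911511781cfb226027d60173f2ab8f6482372f51756fa40d93b2f59"


def parse_c2(c2: str) -> tuple[str, int]:
    """Split a 'host:port' C2 string, validating both the IP and the port."""
    host, sep, port = c2.rpartition(":")
    if not sep or not port.isdigit():
        raise ValueError(f"malformed C2 string: {c2!r}")
    ip = ipaddress.ip_address(host)  # raises ValueError if host is not an IP
    port_num = int(port)
    if not 0 < port_num < 65536:
        raise ValueError(f"port out of range: {port_num}")
    return str(ip), port_num


# Constructed sample connection log (Zeek-like): ts src sport dst dport proto.
# Line 3 goes to the C2 host on a different port and must NOT be flagged.
SAMPLE_CONN_LOG = """\
1704985201.104 10.0.0.15 51234 93.184.216.34 443 tcp
1704985202.551 10.0.0.15 51240 195.20.16.168 34926 tcp
1704985203.009 10.0.0.22 51301 195.20.16.168 443 tcp
1704985204.777 10.0.0.15 51250 195.20.16.168 34926 tcp
"""

# Constructed sample EDR file events: (hostname, path, sha256).
SAMPLE_FILE_EVENTS = [
    ("WS-015", r"C:\Users\alice\Downloads\invoice.exe", SAMPLE_SHA256),
    ("WS-022", r"C:\Windows\System32\notepad.exe", "0" * 64),
]


def find_c2_connections(conn_log: str, c2: str) -> list[dict]:
    """Return connections whose destination matches the C2 host AND port."""
    host, port = parse_c2(c2)
    hits = []
    for line in conn_log.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip headers or truncated lines
        ts, src, _sport, dst, dport, _proto = fields
        if dst == host and int(dport) == port:
            hits.append({"ts": float(ts), "src": src, "dst": dst, "dport": int(dport)})
    return hits


def find_sample_hashes(events, sha256: str) -> list[tuple[str, str]]:
    """Return (host, path) pairs whose SHA256 matches the sample."""
    return [(h, p) for h, p, digest in events if digest.lower() == sha256.lower()]


def suricata_rule(c2: str, sid: int = 9000001) -> str:
    """Build a Suricata rule for outbound traffic to the C2 (sid is a placeholder)."""
    host, port = parse_c2(c2)
    return (
        f"alert tcp $HOME_NET any -> {host} {port} "
        f'(msg:"RedLine Stealer C2 traffic (sandbox-extracted config)"; '
        f"flow:to_server; classtype:trojan-activity; sid:{sid}; rev:1;)"
    )


if __name__ == "__main__":
    for hit in find_c2_connections(SAMPLE_CONN_LOG, REDLINE_C2):
        print("C2 connection:", hit)
    for host, path in find_sample_hashes(SAMPLE_FILE_EVENTS, SAMPLE_SHA256):
        print("Sample on host:", host, path)
    print(suricata_rule(REDLINE_C2))
```

Matching on host and port together matters: RedLine C2 servers are frequently shared or rented VPS hosts, so a destination-IP-only rule will also fire on unrelated traffic to the same address (the third constructed line above). Treat the IP and port as a pair with a short shelf life, and pin the file hashes, which do not change, as the durable indicator.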

Targets

    • Target

      file

    • Detect ZGRat V1

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up entries under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate the software installed on the system.

    • Suspicious use of SetThreadContext
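
The four behavioural signatures above (browser profile reads, wallet access, Uninstall-key enumeration, SetThreadContext) describe what the sample does on a host. The script below is an added example, not the sandbox's own signature logic: it replays matchers in the spirit of those signatures over constructed process-event records and produces a per-process hit list and a verdict. The event format, the file paths, the PIDs, the regexes and the threshold of three Uninstall subkeys are all our assumptions; SetThreadContext is used legitimately by debuggers, so the verdict only counts it alongside credential or wallet access.

```python
"""Added example: behavioural triage over constructed process events, modelled
on the signature names in the report above. Matchers and thresholds are ours."""
import re
from collections import defaultdict

# Signature names as they appear in the report.
SIG_BROWSER = "Reads user/profile data of web browsers"
SIG_WALLET = "Accesses cryptocurrency files/wallets"
SIG_UNINSTALL = "Checks installed software on the system"
SIG_THREADCTX = "Suspicious use of SetThreadContext"

# Our own matchers (assumptions): browser credential stores, common wallet
# directories, and subkeys under the Uninstall key.
BROWSER_DATA = re.compile(r"\\(Login Data|Web Data|Cookies|Local State|logins\.json)$", re.I)
WALLETS = re.compile(r"\\(Exodus|Electrum|Ethereum|Atomic|wallet\.dat)(\\|$)", re.I)
UNINSTALL_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\([^\\]+)", re.I)

# Assumption: a single Uninstall lookup is routine; enumeration touches many subkeys.
MIN_UNINSTALL_SUBKEYS = 3

# Constructed sample events: (pid, kind, target). PID 4120 behaves like the
# sample; PID 880 is a benign process that touches one Uninstall subkey.
SAMPLE_EVENTS = [
    (4120, "reg_query", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"),
    (4120, "reg_query", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome"),
    (4120, "reg_query", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++"),
    (4120, "file_read", r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (4120, "file_read", r"C:\Users\alice\AppData\Roaming\Exodus\exodus.wallet\seed.seco"),
    (4120, "api_call", "SetThreadContext"),
    (4120, "api_call", "WriteProcessMemory"),
    (880, "reg_query", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"),
    (880, "file_read", r"C:\Users\alice\Documents\report.docx"),
    (880, "api_call", "CreateFileW"),
]


def triage(events) -> dict[int, list[str]]:
    """Group events by PID and return the sorted list of signatures each PID hits."""
    by_pid = defaultdict(list)
    for pid, kind, target in events:
        by_pid[pid].append((kind, target))

    results = {}
    for pid, evs in by_pid.items():
        hits = set()
        uninstall_subkeys = set()
        for kind, target in evs:
            if kind == "file_read" and BROWSER_DATA.search(target):
                hits.add(SIG_BROWSER)
            elif kind == "file_read" and WALLETS.search(target):
                hits.add(SIG_WALLET)
            elif kind == "reg_query":
                m = UNINSTALL_KEY.search(target)
                if m:
                    uninstall_subkeys.add(m.group(1).lower())
            elif kind == "api_call" and target == "SetThreadContext":
                hits.add(SIG_THREADCTX)
        # Enumeration is only called when several distinct subkeys were read.
        if len(uninstall_subkeys) >= MIN_UNINSTALL_SUBKEYS:
            hits.add(SIG_UNINSTALL)
        results[pid] = sorted(hits)
    return results


def verdict(sig_names) -> str:
    """Stealer-like when credential/wallet access is paired with another behaviour."""
    credential_access = {SIG_BROWSER, SIG_WALLET} & set(sig_names)
    if credential_access and len(sig_names) >= 2:
        return "stealer-like"
    return "inconclusive"


if __name__ == "__main__":
    for pid, sigs in triage(SAMPLE_EVENTS).items():
        print(pid, verdict(sigs), sigs)
```

The threshold on distinct Uninstall subkeys is what keeps the benign process quiet: installers and update agents routinely read their own subkey, while a stealer walks the whole key to fingerprint the host. Tune that number, and the wallet and browser path lists, to what your own telemetry shows before relying on the verdict.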

MITRE ATT&CK Enterprise v15

Tasks