General

  • Target

    e1350146ba52f8c6bd479470229b7d1ed05caa7aa96c1bc1c6f3a0518c0e8b85

  • Size

    473KB

  • Sample

    240202-fnl4wsgfdn

  • MD5

    0ed83b921910401b1fe81d739957d364

  • SHA1

    283a4c1e65dbedd256c8b63d3329585573a26cca

  • SHA256

    e1350146ba52f8c6bd479470229b7d1ed05caa7aa96c1bc1c6f3a0518c0e8b85

  • SHA512

    17b8c12b33992673f2b93e631cc8b012e246028dd5f60491e386576a58f4c3d163d118c7526cb7b92f9c21732f73e36195527b4764d1289845063f6d745986ab

  • SSDEEP

    12288:Vh1Fk70Tnvjc/pZcQAgUl1QrBxOKw5fmjMy0hAXAMvJEQyUl:nk70TrcfcQAgUluSYTBEQyA

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

45.15.156.201:10208
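The extracted configuration above is the actionable part of this report: four file digests and one C2 endpoint. The Python below is an added example (not part of the sandbox report and not the stealer's own code) showing how a responder would operationalise it: verify that a file on disk really is this sample by checking every digest, emit a Suricata rule for the C2 socket, and sweep Zeek-style `conn.log` lines for connections to it. The conn.log lines are constructed for the example; the Suricata `sid` is a placeholder in the local range.

```python
import hashlib

# Digests and C2 copied from the "Malware Config" / "General" sections above.
REPORT_HASHES = {
    "md5": "0ed83b921910401b1fe81d739957d364",
    "sha1": "283a4c1e65dbedd256c8b63d3329585573a26cca",
    "sha256": "e1350146ba52f8c6bd479470229b7d1ed05caa7aa96c1bc1c6f3a0518c0e8b85",
    "sha512": "17b8c12b33992673f2b93e631cc8b012e246028dd5f60491e386576a58f4c3d1"
              "63d118c7526cb7b92f9c21732f73e36195527b4764d1289845063f6d745986ab",
}
C2_HOST = "45.15.156.201"
C2_PORT = 10208


def file_hashes(data: bytes) -> dict:
    """Compute the same four digests the report lists, from raw file bytes."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}


def matches_report(data: bytes) -> dict:
    """Per-algorithm comparison against the report. All four must be True for a
    positive identification; comparing only MD5 is not enough given known collisions."""
    actual = file_hashes(data)
    return {alg: actual[alg] == REPORT_HASHES[alg] for alg in REPORT_HASHES}


def suricata_rule(sid: int = 1000001) -> str:
    """Network detection for outbound traffic to the configured C2 socket.
    sid is a placeholder in the local (>=1000000) range; pick your own."""
    return (
        f"alert tcp $HOME_NET any -> {C2_HOST} {C2_PORT} "
        f'(msg:"RedLine Stealer C2 (botnet LogsDiller Cloud)"; flow:to_server; '
        f"classtype:trojan-activity; sid:{sid}; rev:1;)"
    )


# Constructed Zeek conn.log excerpt (tab-separated): ts, uid, id.orig_h, id.orig_p,
# id.resp_h, id.resp_p, proto. Only the first seven columns are used.
SAMPLE_CONN_LOG = """\
1706860800.123\tCabc1\t10.0.0.15\t49812\t142.250.74.110\t443\ttcp
1706860812.456\tCabc2\t10.0.0.15\t49813\t45.15.156.201\t10208\ttcp
1706860820.789\tCabc3\t10.0.0.22\t51002\t45.15.156.201\t443\ttcp
"""


def find_c2_connections(conn_log: str, port_strict: bool = True) -> list:
    """Return connections whose responder host is the C2. With port_strict=True the
    configured port must also match; with False any port to that IP is reported,
    which is useful because RedLine builds change ports more often than hosts."""
    hits = []
    for line in conn_log.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) < 7:
            continue
        ts, uid, orig_h, _orig_p, resp_h, resp_p, _proto = fields[:7]
        if resp_h != C2_HOST:
            continue
        if port_strict and int(resp_p) != C2_PORT:
            continue
        hits.append({"ts": float(ts), "uid": uid, "src": orig_h, "dst_port": int(resp_p)})
    return hits


if __name__ == "__main__":
    print(suricata_rule())
    for hit in find_c2_connections(SAMPLE_CONN_LOG, port_strict=False):
        print("C2 contact:", hit)
```

Run the sweep first with `port_strict=False`; a host that talks to 45.15.156.201 on any port is worth a look, because the IP is the stable pivot while the port (10208 here) is per-build configuration.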

Targets

    • Target

      e1350146ba52f8c6bd479470229b7d1ed05caa7aa96c1bc1c6f3a0518c0e8b85

    • Size

      473KB

    • MD5

      0ed83b921910401b1fe81d739957d364

    • SHA1

      283a4c1e65dbedd256c8b63d3329585573a26cca

    • SHA256

      e1350146ba52f8c6bd479470229b7d1ed05caa7aa96c1bc1c6f3a0518c0e8b85

    • SHA512

      17b8c12b33992673f2b93e631cc8b012e246028dd5f60491e386576a58f4c3d163d118c7526cb7b92f9c21732f73e36195527b4764d1289845063f6d745986ab

    • SSDEEP

      12288:Vh1Fk70Tnvjc/pZcQAgUl1QrBxOKw5fmjMy0hAXAMvJEQyUl:nk70TrcfcQAgUluSYTBEQyA

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • .NET Reactor protector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Suspicious use of SetThreadContext

      A process sets the thread context of another process, a pattern typically seen when a packed loader injects a decrypted payload into a suspended process (process hollowing).
