General

  • Target

    file.exe

  • Size

    310KB

  • Sample

    240407-zqe8xaef29

  • MD5

    b1284512da39510cfad55c9d000c6973

  • SHA1

    3fd55ac23698711601535781153a1047b4f9a65b

  • SHA256

    d120ced38346298e6050d82c112c10fabbbd240b759212b545658c0e9289165b

  • SHA512

    900ec06137461241e8cc428fab2d0dc2620f23d58db0b1306c08e7f1c83e1c36d12c0391b5ef8d3c3257eff50ecfd45e510b347c9479d1b3b9a889a491d8762b

  • SSDEEP

    6144:jB3dEsS3I3j8RMQ+RILLh/AYOOifna9WaKYtcfVByVxckHOT6I6Fqb:jJdEA4V+Ro5OGW5IO/y4kuTwA

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

5.42.65.0:29587
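The extracted config gives two indicators worth sweeping for straight away: the C2 socket and the file digests. The following script is an added example, not part of the sandbox report; it runs a constructed connection log (the line format and hosts are assumptions) through a matcher for the exact C2 ip:port and checks bytes against the report's MD5/SHA1/SHA256.

```python
"""IOC sweep for the sample in this report: network hits on the extracted C2
and a hash check against the reported digests. Added example; the log lines
and their format are constructed, not taken from the report."""
import hashlib
import re

# Indicators copied from the report above.
C2_IP, C2_PORT = "5.42.65.0", 29587
SAMPLE_HASHES = {
    "md5": "b1284512da39510cfad55c9d000c6973",
    "sha1": "3fd55ac23698711601535781153a1047b4f9a65b",
    "sha256": "d120ced38346298e6050d82c112c10fabbbd240b759212b545658c0e9289165b",
}

# Constructed connection log. Assumed line format:
#   <timestamp> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <proto>
SAMPLE_LOG = """\
2024-04-07T19:01:02Z 10.0.0.15:51234 -> 142.250.74.78:443 tcp
2024-04-07T19:01:09Z 10.0.0.15:51240 -> 5.42.65.0:29587 tcp
2024-04-07T19:02:13Z 10.0.0.22:49802 -> 5.42.65.0:443 tcp
2024-04-07T19:03:44Z 10.0.0.15:51251 -> 5.42.65.0:29587 tcp
malformed line that the parser must skip
"""

LINE_RE = re.compile(r"^(\S+) (\S+):(\d+) -> (\S+):(\d+) (\w+)$")


def find_c2_connections(log_text, c2_ip=C2_IP, c2_port=C2_PORT):
    """Return two lists of (timestamp, source_ip): connections to the exact
    C2 ip:port, and connections to the same IP on some other port.

    RedLine C2 is keyed on ip:port, and a single IP can host unrelated
    services, so a same-IP/other-port hit is worth a look but is not a
    confirmed beacon."""
    exact, same_ip_other_port = [], []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # tolerate junk rather than abort the sweep
        ts, src, _sport, dst, dport, _proto = m.groups()
        if dst == c2_ip:
            bucket = exact if int(dport) == c2_port else same_ip_other_port
            bucket.append((ts, src))
    return exact, same_ip_other_port


def hash_bytes(data):
    """Digest the bytes with every algorithm the report lists (all in hashlib)."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in SAMPLE_HASHES}


def is_reported_sample(data):
    """True if the bytes match the report on any digest. One strong hash is
    enough for identity; MD5 is kept only because many feeds still key on it."""
    computed = hash_bytes(data)
    return any(computed[algo] == want for algo, want in SAMPLE_HASHES.items())


if __name__ == "__main__":
    exact, other = find_c2_connections(SAMPLE_LOG)
    for ts, src in exact:
        print(f"C2 beacon {src} -> {C2_IP}:{C2_PORT} at {ts}")
    for ts, src in other:
        print(f"same-IP/other-port {src} at {ts} (review)")
    print("hash match on placeholder bytes:", is_reported_sample(b"not the sample"))
```

The SSDEEP value in the report is not covered here: hashlib has no fuzzy hash, and a near-match on a repacked build needs the separate ssdeep library. Note also that RedLine operators rotate C2 sockets between builds, so the ip:port match is a point-in-time indicator, while the botnet tag in the config is what ties builds from the same operator together.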

Targets

    • Target

      file.exe

    • Size

      310KB

    • MD5

      b1284512da39510cfad55c9d000c6973

    • SHA1

      3fd55ac23698711601535781153a1047b4f9a65b

    • SHA256

      d120ced38346298e6050d82c112c10fabbbd240b759212b545658c0e9289165b

    • SHA512

      900ec06137461241e8cc428fab2d0dc2620f23d58db0b1306c08e7f1c83e1c36d12c0391b5ef8d3c3257eff50ecfd45e510b347c9479d1b3b9a889a491d8762b

    • SSDEEP

      6144:jB3dEsS3I3j8RMQ+RILLh/AYOOifna9WaKYtcfVByVxckHOT6I6Fqb:jJdEA4V+Ro5OGW5IO/y4kuTwA

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020. It is sold as malware-as-a-service and collects saved browser credentials and cookies, cryptocurrency wallet files and a host inventory, sending them to a C2 addressed by IP and port; the extracted config above holds that C2 and the operator's botnet tag.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers target stored browser data such as saved logins, cookies and autofill entries; RedLine reads these directly from the browser profile directory rather than through the browser.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      Wallet files and seed data under the user profile (desktop wallets such as Exodus and Electrum, and browser-extension wallet storage) are read and staged for exfiltration.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its WOW6432Node counterpart) to enumerate installed software, which RedLine includes in the host profile it sends to the C2.

    • Suspicious use of SetThreadContext

      SetThreadContext redirects a suspended thread to attacker-supplied code. In a sandbox it is the hallmark of process hollowing, where a loader starts a legitimate process suspended, overwrites its image with the payload and resumes it, so the RedLine payload likely runs in a process other than file.exe.
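The three file and registry signatures above are each individually noisy (browsers read their own profiles; installers walk the Uninstall key), and the sandbox verdict rests on their combination in one process. The following added example, not part of the report, reproduces that correlation over constructed telemetry; the flat event shape and the path patterns are this example's assumptions, not the sandbox's rules.

```python
"""Behavioural triage reproducing the three file/registry signatures in this
report. Added example with constructed events; the flat event shape
(pid, image, kind, target) is an assumption standing in for Sysmon-style
file-access and registry-query telemetry."""
import re
from collections import defaultdict

# Signature name -> case-insensitive pattern over the file path or registry key.
# Paths are the usual Windows locations; patterns are this example's, not the sandbox's.
SIGNATURES = {
    "Reads user/profile data of web browsers":
        r"\\(Google\\Chrome|Microsoft\\Edge|BraveSoftware\\Brave-Browser)\\User Data\\.*\\(Login Data|Cookies|Web Data)$"
        r"|\\Mozilla\\Firefox\\Profiles\\.*\\(logins\.json|key4\.db|cookies\.sqlite)$",
    "Accesses cryptocurrency files/wallets":
        r"\\(Exodus|Electrum|Ethereum\\keystore|Bitcoin)\\|\\wallet\.dat$",
    "Checks installed software on the system":
        r"^HK(LM|CU)\\SOFTWARE\\(WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall\\",
}
COMPILED = [(name, re.compile(pat, re.IGNORECASE)) for name, pat in SIGNATURES.items()]

# Browsers legitimately read their own profile; a single browser-data read by
# them is expected and must not trip the verdict.
BROWSER_IMAGES = ("chrome.exe", "msedge.exe", "firefox.exe", "brave.exe")

# Constructed telemetry: (pid, image, kind, target)
EVENTS = [
    (4120, r"C:\Users\alice\Downloads\file.exe", "FileRead",
     r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (4120, r"C:\Users\alice\Downloads\file.exe", "FileRead",
     r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\k3x9q2ab.default-release\logins.json"),
    (4120, r"C:\Users\alice\Downloads\file.exe", "FileRead",
     r"C:\Users\alice\AppData\Roaming\Exodus\exodus.wallet\seed.seco"),
    (4120, r"C:\Users\alice\Downloads\file.exe", "RegQuery",
     r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"),
    (4120, r"C:\Users\alice\Downloads\file.exe", "RegQuery",
     r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++"),
    (2208, r"C:\Program Files\Google\Chrome\Application\chrome.exe", "FileRead",
     r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (3012, r"C:\Windows\System32\svchost.exe", "RegQuery",
     r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"),
]


def classify(events):
    """Map (pid, image) to the set of signature names its events trigger."""
    hits = defaultdict(set)
    for pid, image, _kind, target in events:
        for name, rx in COMPILED:
            if rx.search(target):
                hits[(pid, image)].add(name)
    return dict(hits)


def suspicious_processes(events, min_signatures=2):
    """Return [(pid, image, sorted signature names)] for non-browser processes
    that trigger at least min_signatures distinct signatures. The sandbox verdict
    rests on the combination of behaviours, not on any one of them."""
    out = []
    for (pid, image), names in classify(events).items():
        if image.lower().endswith(BROWSER_IMAGES):
            continue
        if len(names) >= min_signatures:
            out.append((pid, image, sorted(names)))
    return out


if __name__ == "__main__":
    for pid, image, names in suspicious_processes(EVENTS):
        print(f"pid {pid} {image}")
        for n in names:
            print(f"  - {n}")
```

The SetThreadContext signature is deliberately left out of this correlation: it comes from API telemetry rather than file or registry paths, and once hollowing has happened the reads above are made by the hollowed host process, so in real telemetry the pid to correlate on is the injected target, not file.exe itself.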

MITRE ATT&CK Enterprise v15

Tasks