redline | d28d6b8d097021245ad83d37ba25e5126c9e95ed9d7060f10f347d8ec2373222 | Triage

Submit
Reports

Overview

overview

Static

static

3

8d762b7f88...b1.exe

windows7-x64

8d762b7f88...b1.exe

windows10-2004-x64

Sharing

General

Target

d28d6b8d097021245ad83d37ba25e5126c9e95ed9d7060f10f347d8ec2373222
Size

322KB
Sample

240417-q3d2yaac84
MD5

de5a788742e1faf85f2776cd6adc13bd
SHA1

bf973e6a6e58d76331be4b2dfa8a73bb2eaac8cb
SHA256

d28d6b8d097021245ad83d37ba25e5126c9e95ed9d7060f10f347d8ec2373222
SHA512

3c409e7110a991fc6abc29113d4fea2a537e392f86c265aaf2a14e9aef80b6452b05e0361c702a562a5e32cfe9ecd6299af45fde025a1c97993750c4111ea651
SSDEEP

6144:tIJayI/7zBBaposLJFx/YatZxu4OxNJndY2UBySUXaDcFoloNbQuLVFob:tfVB5+mMQ4+JneBySUXaCo+1QyCb

Score

10^/10

redline logsdiller cloud (tg: @logsdillabot)infostealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

8d762b7f886c8d024c39b5c9eee3f09d1d355d6c99073f2676ccba2c536e37b1.exe

Resource

win7-20240221-en

redline logsdiller cloud (tg: @logsdillabot)infostealer

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

8d762b7f886c8d024c39b5c9eee3f09d1d355d6c99073f2676ccba2c536e37b1.exe

Resource

win10v2004-20240412-en

redline logsdiller cloud (tg: @logsdillabot)infostealer

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

5.42.65.68:29093

Targets

- Target
  
  8d762b7f886c8d024c39b5c9eee3f09d1d355d6c99073f2676ccba2c536e37b1.exe
- Size
  
  337KB
- MD5
  
  27fbd137a423484ad08a92248ccc5849
- SHA1
  
  7ebafc1773af1a58b1b155857a8560e443010807
- SHA256
  
  8d762b7f886c8d024c39b5c9eee3f09d1d355d6c99073f2676ccba2c536e37b1
- SHA512
  
  38957236eaec10a203ccd63d79378f7db3c0056f2ff3280cb00dea7ccb4b4eb70b84075bd8d0b25a9192295972529e2d2f6eadd6e90cdafb127ffeeaf1b900e3
- SSDEEP
  
  6144:hEOAwgZLrjLJQcXSye06NLrUTdXNLBg6Y7FVxGaH:mOWZLrZQcXSyIlrUbq6YZbGaH
Score

10^/10

redline logsdiller cloud (tg: @logsdillabot)infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redlinelogsdiller cloud (tg: @logsdillabot)infostealer

behavioral2

redlinelogsdiller cloud (tg: @logsdillabot)infostealer

© 2018-2024

Terms | Privacy