redline | 059a06b50e3fd6dca1d7a9b23dfb5899c2375dbc2efc04ec0d331e27dd9452fb | Triage

Submit
Reports

Overview

overview

Static

static

3

a5fa4a9924...8d.exe

windows7-x64

a5fa4a9924...8d.exe

windows10-2004-x64

Sharing

General

Target

059a06b50e3fd6dca1d7a9b23dfb5899c2375dbc2efc04ec0d331e27dd9452fb
Size

343KB
Sample

240417-q8vlwacb81
MD5

200c7fa77a1cb7fb623632af501b5fb8
SHA1

931faddd6b5585241b7b7c8c134f04d00aa03253
SHA256

059a06b50e3fd6dca1d7a9b23dfb5899c2375dbc2efc04ec0d331e27dd9452fb
SHA512

736ae116311af412d6c6233fff91074f777fc247d796b8b0057e7b459a2e482fbed7ed9fcd123915ac37010d7549446ea7b40bd3252851608ef3cef3f9a4e7ed
SSDEEP

6144:o2Mp1N3K8HGnyKx5P00PhsGJ8XwcPf2nWLlARjVtJaiP8xC7cQV49oTx:epXjKT00iGJYwcmWLkhtM67H48

Score

10^/10

redline logsdiller cloud (tg: @logsdillabot)infostealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a5fa4a9924738f31e1f7d2436d75af6bae105771ec2cac40f07d953880931e8d.exe

Resource

win7-20240221-en

redline logsdiller cloud (tg: @logsdillabot)infostealer

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

a5fa4a9924738f31e1f7d2436d75af6bae105771ec2cac40f07d953880931e8d.exe

Resource

win10v2004-20240412-en

redline logsdiller cloud (tg: @logsdillabot)infostealer

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

5.42.65.68:29093

Targets

- Target
  
  a5fa4a9924738f31e1f7d2436d75af6bae105771ec2cac40f07d953880931e8d.exe
- Size
  
  374KB
- MD5
  
  e95081602cb904d9ea3d809724c71a7e
- SHA1
  
  bbaf6ea75ef068cd28f327ca7c321faeb9019dd0
- SHA256
  
  a5fa4a9924738f31e1f7d2436d75af6bae105771ec2cac40f07d953880931e8d
- SHA512
  
  16b1dc915c02babca267573377bc766ca402a8f69f8f4e20526044ff90a00230938dd1926069bec9bc0c3c66ca13b3a9021277e1cf6f09e44b00a53661220815
- SSDEEP
  
  6144:q+OYiRk78wIxWDP7iECDC1t6qmdFfih1IIddNbiojyWzBs5ZzvU/x3ip6JRfBOCv:DOYOk1SWTnKC1C6fIIddNbiojyMs5Zz6
Score

10^/10

redline logsdiller cloud (tg: @logsdillabot)infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redlinelogsdiller cloud (tg: @logsdillabot)infostealer

behavioral2

redlinelogsdiller cloud (tg: @logsdillabot)infostealer

© 2018-2024

Terms | Privacy