Overview

overview

10

Static

static

3

c215367f8d...de.exe

windows7-x64

10

c215367f8d...de.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c215367f8d70d8eb1d4efb715e6054ab170494ced34549bdd9f3471c43f499de.exe

  • Size

    312KB

  • Sample

    240417-rz252acd53

  • MD5

    4f9183606b4514ab3ba63b19a06663d2

  • SHA1

    36b841645374b2b4ce99c6af61d77ac1714876eb

  • SHA256

    c215367f8d70d8eb1d4efb715e6054ab170494ced34549bdd9f3471c43f499de

  • SHA512

    0cba564de3f89b9b62dfb837275313b64a0852bb1b9bcf93e785c70567bf9fbce91e292fb61d43aa71bc62ff647f2c458f63e95c91b9bfdeb9ff1a1dfb2f8a96

  • SSDEEP

    6144:06/goVmKMiCa4GsrduEykH6+bkL6dAti0KLrkoHl8BVmFXYolndcQMR0v8P:0QVd4DXUOAt0k68+FXYopdccvW

Score
10/10
redlinelogsdiller cloud (tg: @logsdillabot)discoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

5.42.65.50:33080

Targets

    • Target

      c215367f8d70d8eb1d4efb715e6054ab170494ced34549bdd9f3471c43f499de.exe

    • Size

      312KB

    • MD5

      4f9183606b4514ab3ba63b19a06663d2

    • SHA1

      36b841645374b2b4ce99c6af61d77ac1714876eb

    • SHA256

      c215367f8d70d8eb1d4efb715e6054ab170494ced34549bdd9f3471c43f499de

    • SHA512

      0cba564de3f89b9b62dfb837275313b64a0852bb1b9bcf93e785c70567bf9fbce91e292fb61d43aa71bc62ff647f2c458f63e95c91b9bfdeb9ff1a1dfb2f8a96

    • SSDEEP

      6144:06/goVmKMiCa4GsrduEykH6+bkL6dAti0KLrkoHl8BVmFXYolndcQMR0v8P:0QVd4DXUOAt0k68+FXYopdccvW

    Score
    10/10
    redlinelogsdiller cloud (tg: @logsdillabot)discoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Modify Registry

1
T1112

Credential Access

Unsecured Credentials

2
T1552

Credentials In Files

2
T1552.001

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks