redline | 212f5fb634003890f2b61ade6d3bf474e16787e3f536f0484a2a23f55d562bf0 | Triage

Sharing

General

Target

212f5fb634003890f2b61ade6d3bf474e16787e3f536f0484a2a23f55d562bf0.exe
Size

1.2MB
Sample

240425-bjcbnscg2y
MD5

d41582bde613bd63caffa80f482e692b
SHA1

d1ccf0f0f4224e4daa412c868729977cddec079e
SHA256

212f5fb634003890f2b61ade6d3bf474e16787e3f536f0484a2a23f55d562bf0
SHA512

37defa103178d6e281a62f5cc221380f687740cfcf268c24dbeb7bf1c320fbb94be26ce74234b717cafe5f0c74b527ebf8c063fa4c49594174b68e2753e1474d
SSDEEP

12288:FCRMXFhAS3ocOaKANlQWE4goVyevmV/HSgrouJoz7ZyCwLvsTC/pSiAF1XcwJJSH:FCROhAS3onZANlQWEwtvEPg7SITCCXC

Score

10^/10

redline logsdiller cloud (tg: @logsdillabot)discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

5.42.65.96:28380

Targets

- Target
  
  212f5fb634003890f2b61ade6d3bf474e16787e3f536f0484a2a23f55d562bf0.exe
- Size
  
  1.2MB
- MD5
  
  d41582bde613bd63caffa80f482e692b
- SHA1
  
  d1ccf0f0f4224e4daa412c868729977cddec079e
- SHA256
  
  212f5fb634003890f2b61ade6d3bf474e16787e3f536f0484a2a23f55d562bf0
- SHA512
  
  37defa103178d6e281a62f5cc221380f687740cfcf268c24dbeb7bf1c320fbb94be26ce74234b717cafe5f0c74b527ebf8c063fa4c49594174b68e2753e1474d
- SSDEEP
  
  12288:FCRMXFhAS3ocOaKANlQWE4goVyevmV/HSgrouJoz7ZyCwLvsTC/pSiAF1XcwJJSH:FCROhAS3onZANlQWEwtvEPg7SITCCXC
Score

10^/10

redline infostealer logsdiller cloud (tg: @logsdillabot)discovery spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineinfostealer

behavioral2

redlinelogsdiller cloud (tg: @logsdillabot)discoveryinfostealerspywarestealer