redline | 0e44173278361b5d26edeec63da2bba8595522c32abac87d418b2888ba176015 | Triage

Sharing

General

Target

f1662fbb012843190b9ad18c76d0141f.bin
Size

591KB
Sample

240425-cxgc8adh6t
MD5

4bfaacf56d02c8a4c1283005221a4660
SHA1

4b0187c74bd68d2c9d9cb767c4f22f5332403eaf
SHA256

0e44173278361b5d26edeec63da2bba8595522c32abac87d418b2888ba176015
SHA512

1020f9d955026bb69788d766f8e6a43167a30a0ad5a054ee1c74a6b617cf95bb78c824fe38c922c95739ecc1964dadf28ad7ea612ff24699c9460563f54fe48b
SSDEEP

12288:JIUvFsWz8Ao09Vtym7XwgI7m3uDvRoPrj7BF0iGM6yhbmfw:xNss+0TEm7g9pDv+PP7BF0HXygw

Score

10^/10

redline logsdiller cloud (tg: @logsdillabot)discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

5.42.65.96:28380

Targets

- Target
  
  d6016d6c87d7f59a478fe33ccff3a34e86de50b8700167b161da920561598669.exe
- Size
  
  1.2MB
- MD5
  
  f1662fbb012843190b9ad18c76d0141f
- SHA1
  
  996d7ca6229cedbebde5a0bf7bb67c635bf7b279
- SHA256
  
  d6016d6c87d7f59a478fe33ccff3a34e86de50b8700167b161da920561598669
- SHA512
  
  8265cf665bd763cdd30b29086bd6fe51d27f182db8fd92bb42dbed4c38dd03b2e5460366b107a48daab0f10c3c27962a4209d1000f1a1de8dd2007eae415697c
- SSDEEP
  
  24576:Msxl3hAS7tUhU5M/i8t7avB+eU/SvHNmCftCLRoa:Mi9tUhU5M/y4tSHC
Score

10^/10

redline infostealer logsdiller cloud (tg: @logsdillabot)discovery spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redlineinfostealer

behavioral2

redlinelogsdiller cloud (tg: @logsdillabot)discoveryinfostealerspywarestealer