General

  • Target

    b72dd501577e9c1a22f9f5cee67e253353c1e1691fd981db7ee188f8c03d8c54

  • Size

    336KB

  • Sample

    240429-fep47aaf99

  • MD5

    9aa0e1cb84eaa0bf8e0c69154b797261

  • SHA1

    fec3447e88cc504eb088a2c7e3f7a493e339aa1e

  • SHA256

    b72dd501577e9c1a22f9f5cee67e253353c1e1691fd981db7ee188f8c03d8c54

  • SHA512

    4856fa4b27b22f539a4e8f2d68460954a265578e3c5eeb7836e35bda8488091d52114349d9a131fec5fd04e5c4ad7a420a5b1ac58253467ce7eeb36220098019

  • SSDEEP

    6144:ycPfB2bf33rP/bWR/3gM/wniJGlXQukamPRiUx8pT76T7Qn48n:DZ2bvbP/b43R43lZkvRijg7Qnp

Malware Config

Extracted

  • Family

    redline

  • Botnet

    LogsDiller Cloud (TG: @logsdillabot)

  • C2

    5.42.65.0:29587

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks