General

  • Target

    d88b40ed7f2e8b7e39cd1c21d09bde00.bin

  • Size

    407KB

  • Sample

    240430-cbxhbaha58

  • MD5

    85f0cdf07ff5f12ed4072c293c27e8d4

  • SHA1

    202e5125df0d34e5afb4e03f8b6ff3daa1c2c384

  • SHA256

    19c410be085ffdf4140acac67ee7afb5078b6e4c33e880fd0aa41d7c90f133f6

  • SHA512

    280ca919cd4ec63de37c4e48cf33868cc37216f263df5a53ef7537a339b5559d1986f55399c597716796c9fcf8e8fb0f995c5255dcfcafb177d784a30399b752

  • SSDEEP

    12288:oog0zNZ54y7KhSuQ+SQg127v/6Y8QCFDgdIIYJHcJ//G:Q0V4yWh7Q+SQg1cX7LIZZ

Malware Config

Extracted

  • Family

    redline

  • Botnet

    LogsDiller Cloud (TG: @logsdillabot)

  • C2

    5.42.65.96:28380

Targets

    • Target

      044041766e3684b106c4c78a70188a599578f3768457e25d26e0c24fb5a34149.exe

    • Size

      501KB

    • MD5

      d88b40ed7f2e8b7e39cd1c21d09bde00

    • SHA1

      d9865029f441f1234580ec18756566b6fe201331

    • SHA256

      044041766e3684b106c4c78a70188a599578f3768457e25d26e0c24fb5a34149

    • SHA512

      c22374565af7f8455c985d70d3d9f5af69f1480fbf2fd02a3ff44e2fe5c9661e0d61814d48f9c3398ddad3de01872a255f23757a30deef34fbadcb8ebbd43c9d

    • SSDEEP

      12288:JYFBqcQcaQVsGRi5xYJQgP4FiKe37a8oz9NSQ1f:JYXqc3sCi5XY4FiKeLPozvx

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks