General

  • Target

    052f4b87994b5aee20f9d69ef631c9648f6b90524575be78cba9a0bd17228050.exe

  • Size

    467KB

  • Sample

    240501-bdb4qadh48

  • MD5

    775af421a2e7cc4d2cdb81142168f9c8

  • SHA1

    502514f61d9411039839d35f2888dce15ced2962

  • SHA256

    052f4b87994b5aee20f9d69ef631c9648f6b90524575be78cba9a0bd17228050

  • SHA512

    d592d66b15551040c332bf6d359cf591940c36b0c4ed3e83171bdc228e3f66364ee06e7e92e706977d29299200eb4d36db83616edec3853f300aaf02dc2dade3

  • SSDEEP

    12288:kx2+JCy0qUNFqoAmy0MumPyX1PEtFw8IK/X0JRmvrm:kx2H7JdaumKXTIOQj

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

5.42.65.96:28380

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks