General

  • Target

    9dc2cde8d123fbc1141cf3e4e47574ec0c7ed6d57e8815a7a5935a4427b803aa.exe

  • Size

    500KB

  • Sample

    240502-b9gzvafg88

  • MD5

    456a86d30c8506883a00bbafc9ab9ec3

  • SHA1

    f58d3f0c7f03f05e22998662e255e155bd8a74a4

  • SHA256

    9dc2cde8d123fbc1141cf3e4e47574ec0c7ed6d57e8815a7a5935a4427b803aa

  • SHA512

    4a3da93186fd6d33d14daf61955d253fc20b03c38e2a571dbda40f1b8ee0078bcb101fca11ead2e8087cfe5515e397c5343de37c8e4c1111506b44e33a049162

  • SSDEEP

    12288:724IFZdYVs8JwAoq5VxxXK5hVA4kUF4aHpzXoXREuPi:JIhYVPoq5lXK5hVrk87joXf

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

5.42.65.96:28380

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext
