General

  • Target

    775af421a2e7cc4d2cdb81142168f9c8.bin

  • Size

    390KB

  • Sample

    240502-bvp2xadb3v

  • MD5

    886a83a388b307468fc28c2d6dbdbb12

  • SHA1

    e8d4cd86bfb17a405c2761d90ef0577418d0caad

  • SHA256

    f2db85c5e47d5385a7190d6bb720184c3ce2bed88bf9e16903198469cc31f506

  • SHA512

    4597a860a38f2fecd5f67bc7c1187a6ed2eadac215c503d97b1e7e544f577137ed4b4eac8199587981409ad80a8ee4e8283ddf1a32396143c4dcfd145043778a

  • SSDEEP

    12288:f1vKlFkusYTYQ7x9jqOZMT3WVm2hj6CT/+:ftKDKYTYQr5Z43dS6u+

Malware Config

Extracted

  • Family

    redline

  • Botnet

    LogsDiller Cloud (TG: @logsdillabot)

  • C2

    5.42.65.96:28380

Targets

    • Target

      052f4b87994b5aee20f9d69ef631c9648f6b90524575be78cba9a0bd17228050.exe

    • Size

      467KB

    • MD5

      775af421a2e7cc4d2cdb81142168f9c8

    • SHA1

      502514f61d9411039839d35f2888dce15ced2962

    • SHA256

      052f4b87994b5aee20f9d69ef631c9648f6b90524575be78cba9a0bd17228050

    • SHA512

      d592d66b15551040c332bf6d359cf591940c36b0c4ed3e83171bdc228e3f66364ee06e7e92e706977d29299200eb4d36db83616edec3853f300aaf02dc2dade3

    • SSDEEP

      12288:kx2+JCy0qUNFqoAmy0MumPyX1PEtFw8IK/X0JRmvrm:kx2H7JdaumKXTIOQj

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks