General

  • Target

    456a86d30c8506883a00bbafc9ab9ec3.bin

  • Size

    409KB

  • Sample

    240503-blgdeadd26

  • MD5

    27a61be5b4e70ac9b762c2d917d1e293

  • SHA1

    ec705b2e19a8d9c6f3259a6a3bab03c5aa4239ce

  • SHA256

    fb72ea1d08f89e20980a8052076d1048659ea739ca6293a2b218d6811624b7ca

  • SHA512

    caf9a6023d0a60ac18f48455429630e785157f02481e85a7596f44d8b2f724f4f7960769f0e5489e95cc250f3ac34f647083efa3501402e15a4bb7a16710171a

  • SSDEEP

    12288:r95L5SKpbnY6jB7jSleqtvnnKkXe3RRa8QsAv9:7TpbnYsvMtt/nK7pqF

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

5.42.65.96:28380

Targets

    • Target

      9dc2cde8d123fbc1141cf3e4e47574ec0c7ed6d57e8815a7a5935a4427b803aa.exe

    • Size

      500KB

    • MD5

      456a86d30c8506883a00bbafc9ab9ec3

    • SHA1

      f58d3f0c7f03f05e22998662e255e155bd8a74a4

    • SHA256

      9dc2cde8d123fbc1141cf3e4e47574ec0c7ed6d57e8815a7a5935a4427b803aa

    • SHA512

      4a3da93186fd6d33d14daf61955d253fc20b03c38e2a571dbda40f1b8ee0078bcb101fca11ead2e8087cfe5515e397c5343de37c8e4c1111506b44e33a049162

    • SSDEEP

      12288:724IFZdYVs8JwAoq5VxxXK5hVA4kUF4aHpzXoXREuPi:JIhYVPoq5lXK5hVrk87joXf

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, session tokens, and autofill form data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its WOW6432Node and HKCU counterparts) to enumerate the software installed on the system.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites a thread's register state; outside debuggers it is most often seen when a process hollows or injects into another process and redirects execution into the written-in payload, so it is worth correlating with any child process created by this sample.
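
As an added example that is not part of this sandbox report, the script below takes the indicators listed above (the C2 endpoint under Malware Config, and the file hashes and the three behaviours under Targets) and runs them over a handful of constructed, Sysmon-style JSON log records. Only the report's own hashes and C2 address come from the page; the event names, the field layout, and the browser and wallet paths are assumptions for illustration, and a hard indicator (hash or C2 hit) is treated as sufficient on its own while the behaviours only produce a verdict when all three appear in one process.

```python
import json

# Indicators copied from the report above.
C2_ENDPOINTS = {("5.42.65.96", 28380)}
KNOWN_HASHES = {
    "md5": {"27a61be5b4e70ac9b762c2d917d1e293",
            "456a86d30c8506883a00bbafc9ab9ec3"},
    "sha1": {"ec705b2e19a8d9c6f3259a6a3bab03c5aa4239ce",
             "f58d3f0c7f03f05e22998662e255e155bd8a74a4"},
    "sha256": {"fb72ea1d08f89e20980a8052076d1048659ea739ca6293a2b218d6811624b7ca",
               "9dc2cde8d123fbc1141cf3e4e47574ec0c7ed6d57e8815a7a5935a4427b803aa"},
}

# Assumed, illustrative path fragments for the behaviours the report lists;
# these are generic infostealer targets, not strings taken from the sample.
BROWSER_ARTIFACTS = ("login data", "cookies", "web data", "logins.json", "key4.db")
WALLET_MARKERS = ("\\exodus\\", "\\electrum\\", "\\ethereum\\keystore", "wallet.dat")
UNINSTALL_KEY = "\\software\\microsoft\\windows\\currentversion\\uninstall"

# Constructed log records (assumed Sysmon-like JSON schema), not real telemetry.
# pid 4120 models the sample; 2210 is a browser reading its own profile; 3001
# talks to the C2 host on a port the report does not list.
SAMPLE_LOG = r"""
{"pid": 4120, "event": "process_create", "image": "C:\\Users\\bob\\Downloads\\9dc2cde8d123fbc1141cf3e4e47574ec0c7ed6d57e8815a7a5935a4427b803aa.exe", "sha256": "9dc2cde8d123fbc1141cf3e4e47574ec0c7ed6d57e8815a7a5935a4427b803aa"}
{"pid": 4120, "event": "registry_query", "key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall"}
{"pid": 4120, "event": "file_read", "path": "C:\\Users\\bob\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"}
{"pid": 4120, "event": "file_read", "path": "C:\\Users\\bob\\AppData\\Roaming\\Exodus\\exodus.wallet\\seed.seco"}
{"pid": 4120, "event": "network_connect", "dst_ip": "5.42.65.96", "dst_port": 28380}
{"pid": 2210, "event": "file_read", "path": "C:\\Users\\bob\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies"}
{"pid": 3001, "event": "network_connect", "dst_ip": "5.42.65.96", "dst_port": 443}
"""


def classify(rec):
    """Return the indicator names that a single log record matches."""
    hits = []
    kind = rec.get("event")
    if kind == "network_connect":
        if (rec.get("dst_ip"), int(rec.get("dst_port", 0))) in C2_ENDPOINTS:
            hits.append("c2_connect")
    elif kind == "process_create":
        for algo, known in KNOWN_HASHES.items():
            if rec.get(algo, "").lower() in known:
                hits.append(f"known_{algo}")
    elif kind == "file_read":
        path = rec.get("path", "").lower()
        if any(m in path for m in BROWSER_ARTIFACTS):
            hits.append("browser_profile_read")
        if any(m in path for m in WALLET_MARKERS):
            hits.append("wallet_access")
    elif kind == "registry_query":
        if UNINSTALL_KEY in rec.get("key", "").lower():
            hits.append("uninstall_key_enum")
    return hits


def hunt(log_lines):
    """Aggregate indicator hits per process id: {pid: sorted list of hits}."""
    per_pid = {}
    for line in log_lines:
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        for hit in classify(rec):
            per_pid.setdefault(rec["pid"], set()).add(hit)
    return {pid: sorted(hits) for pid, hits in per_pid.items()}


def verdict(hits):
    """A hash or C2 match is conclusive by itself; the behaviours alone only
    count when browser, wallet and uninstall-key activity all occur together,
    which keeps a browser reading its own profile from alerting."""
    if "c2_connect" in hits or any(h.startswith("known_") for h in hits):
        return "redline_ioc"
    if {"browser_profile_read", "wallet_access", "uninstall_key_enum"} <= set(hits):
        return "stealer_behaviour"
    return "none"


if __name__ == "__main__":
    for pid, hits in hunt(SAMPLE_LOG.splitlines()).items():
        print(pid, verdict(hits), hits)
```

The port check matters: pid 3001 reaches the same host on 443 and is deliberately left unflagged, because the report only gives 5.42.65.96:28380 as C2; widen the match to the bare IP only if you have decided the host itself is worth blocking.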

MITRE ATT&CK Enterprise v15

Tasks