General

  • Target

    4bf00732a644554a0bef0eb0fa080a182a63b52eda03dd8d4df8704feebf20d2

  • Size

    490KB

  • Sample

    240504-2d2x9agf38

  • MD5

    b09b19c780bfaa784ccf35dc454f9326

  • SHA1

    0efc9a13e26c279bcf9d07bdb62f928f19860c7a

  • SHA256

    4bf00732a644554a0bef0eb0fa080a182a63b52eda03dd8d4df8704feebf20d2

  • SHA512

    862ba80daa00c9402db064a028dd20c79afdda5fa0d7211319f1b84831a2b62023bd2e6ddcbb0367feb1afbe3d3c835a2c745d38a4e6a1953fa140e6c694c8bd

  • SSDEEP

    12288:aW5NIYF4bnCv2clgw4exVxfY/pTiQwBNhKHo:F7IY+wh4eQpTiQwDW

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

5.42.65.96:28380

Targets

    • Target

      4bf00732a644554a0bef0eb0fa080a182a63b52eda03dd8d4df8704feebf20d2

    • Size

      490KB

    • MD5

      b09b19c780bfaa784ccf35dc454f9326

    • SHA1

      0efc9a13e26c279bcf9d07bdb62f928f19860c7a

    • SHA256

      4bf00732a644554a0bef0eb0fa080a182a63b52eda03dd8d4df8704feebf20d2

    • SHA512

      862ba80daa00c9402db064a028dd20c79afdda5fa0d7211319f1b84831a2b62023bd2e6ddcbb0367feb1afbe3d3c835a2c745d38a4e6a1953fa140e6c694c8bd

    • SSDEEP

      12288:aW5NIYF4bnCv2clgw4exVxfY/pTiQwBNhKHo:F7IY+wh4eQpTiQwDW

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks