General

  • Target

    b09b19c780bfaa784ccf35dc454f9326.bin

  • Size

    407KB

  • Sample

    240504-b7j2esdb72

  • MD5

    cb5d11a6bf0439c1b383c9f394d47840

  • SHA1

    9b4591df26301f9fcf0d622f6264e5656c9ebcff

  • SHA256

    1d56f539867962f31945c20faff524f958d5d6c0032279f57e32fe6c5e5468e8

  • SHA512

    d4aa51d87ea8551a8cbcdb8acc5302db374c931e675ffcfa2ba7b192062e1479c57e729e8c44d1904b68f353ef338bbc56f02416174899db5ccdbb69c9487d52

  • SSDEEP

    12288:WMdghfo1FN4jLrgxd/uMefytriFQECJa0:WMChQ1FN4jLWdmMcyxozCJb

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

5.42.65.96:28380

Targets

    • Target

      4bf00732a644554a0bef0eb0fa080a182a63b52eda03dd8d4df8704feebf20d2.exe

    • Size

      490KB

    • MD5

      b09b19c780bfaa784ccf35dc454f9326

    • SHA1

      0efc9a13e26c279bcf9d07bdb62f928f19860c7a

    • SHA256

      4bf00732a644554a0bef0eb0fa080a182a63b52eda03dd8d4df8704feebf20d2

    • SHA512

      862ba80daa00c9402db064a028dd20c79afdda5fa0d7211319f1b84831a2b62023bd2e6ddcbb0367feb1afbe3d3c835a2c745d38a4e6a1953fa140e6c694c8bd

    • SSDEEP

      12288:aW5NIYF4bnCv2clgw4exVxfY/pTiQwBNhKHo:F7IY+wh4eQpTiQwDW

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks