General

  • Target

    e75a30472c88c4a2d875b19a60c704d773de97c025a87e5e813b02cbaccb4678

  • Size

    545KB

  • Sample

    240505-21h4nagh4v

  • MD5

    702021300aed8dfde070019d752b020d

  • SHA1

    45f152925534102013fbe5c17805ca938499256d

  • SHA256

    e75a30472c88c4a2d875b19a60c704d773de97c025a87e5e813b02cbaccb4678

  • SHA512

    34cf3a888f35bee61a72ca5bb418a8676ff66d3be44af31d709548b9ba8ba0c8fed84a6c44baab74965a72d3b60e5d74d178589614a06a24bbf966b2ffa7ccc0

  • SSDEEP

    12288:a/kIWN053iBXmiHvxIsFCmelWpqKoQ/P6znImCruFPyeJegy91Ho:aMIb3mHpzeqqdQ/P6MJepa1

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

5.42.65.96:28380

Targets

    • Target

      e75a30472c88c4a2d875b19a60c704d773de97c025a87e5e813b02cbaccb4678

    • Size

      545KB

    • MD5

      702021300aed8dfde070019d752b020d

    • SHA1

      45f152925534102013fbe5c17805ca938499256d

    • SHA256

      e75a30472c88c4a2d875b19a60c704d773de97c025a87e5e813b02cbaccb4678

    • SHA512

      34cf3a888f35bee61a72ca5bb418a8676ff66d3be44af31d709548b9ba8ba0c8fed84a6c44baab74965a72d3b60e5d74d178589614a06a24bbf966b2ffa7ccc0

    • SSDEEP

      12288:a/kIWN053iBXmiHvxIsFCmelWpqKoQ/P6znImCruFPyeJegy91Ho:aMIb3mHpzeqqdQ/P6MJepa1

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks