General

  • Target

    702021300aed8dfde070019d752b020d.bin

  • Size

    409KB

  • Sample

    240505-bqx7qadc97

  • MD5

    22c0256f6a898697698ef0051057a712

  • SHA1

    4407b9e5683a1d6e626ea0aebd5cb1d838f3bc40

  • SHA256

    1e699d9a1a3d9b62d5538a0187747ddf6deacab418b548e5ffd848710a305ef1

  • SHA512

    fdbc216e542b7702fd4f68de20cfed76d5968ce9deb1fadeb295be5bcb047c11a4c4d819f52065927ad8b244d16ac9ae85b3b17eb0a1323a64cc8907a098d555

  • SSDEEP

    6144:QwS5Y/kcaeGUGZLBGGYLgNsOkySQBMtVu8p61pmxw/QPKwcLZUuZqvkxml8Lo:XKuGfxse5mt8O4pcw/QPKw/BsdM

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

5.42.65.96:28380

Targets

    • Target

      e75a30472c88c4a2d875b19a60c704d773de97c025a87e5e813b02cbaccb4678.exe

    • Size

      545KB

    • MD5

      702021300aed8dfde070019d752b020d

    • SHA1

      45f152925534102013fbe5c17805ca938499256d

    • SHA256

      e75a30472c88c4a2d875b19a60c704d773de97c025a87e5e813b02cbaccb4678

    • SHA512

      34cf3a888f35bee61a72ca5bb418a8676ff66d3be44af31d709548b9ba8ba0c8fed84a6c44baab74965a72d3b60e5d74d178589614a06a24bbf966b2ffa7ccc0

    • SSDEEP

      12288:a/kIWN053iBXmiHvxIsFCmelWpqKoQ/P6znImCruFPyeJegy91Ho:aMIb3mHpzeqqdQ/P6MJepa1

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks