General

  • Target

    9b3689a34c9c5d13c5edd650ee28c36a.bin

  • Size

    316KB

  • Sample

    240509-dl7ayafb41

  • MD5

    60859d589177e63415ab810049376e4e

  • SHA1

    0545e016da3f27ff4dd3fdb78907be39d64018b5

  • SHA256

    b5c7fea7703c48ed100678082c27973b21cc0967c8fa50a73d62bf09213ef014

  • SHA512

    a914549128c41c1fcfdfeacd4dd88ee0b9de4784262438c75e93fec953857c2d9ef7d1d8c32f12a5f0ac210204dafcdb1868c7010b1bdb3f67b98e55279eea2f

  • SSDEEP

    6144:91v8xV3eiPm78AZd5WvGdRR2FCg0F47i+YAk8g7NCby:91v8xVukAxWvGdR4QgjhgRCby

Malware Config

Extracted

  • Family

    redline

  • Botnet

    LogsDiller Cloud (TG: @logsdillabot)

  • C2

    5.42.65.96:28380

Targets

    • Target

      21003af880e681549de538ba191670cac43d8430ccf7ab11a8e164f18a3cc8b8.exe

    • Size

      322KB

    • MD5

      9b3689a34c9c5d13c5edd650ee28c36a

    • SHA1

      c74bc3e35030ea98bb87221f5f5ad882b537d146

    • SHA256

      21003af880e681549de538ba191670cac43d8430ccf7ab11a8e164f18a3cc8b8

    • SHA512

      28c697aeaa0772f505921d0a373fb663f72f6bd056d9f2fc91a0d7d8ba93c47ad3e956be502316f20ca9f0bc251254b4b85cb529e4ea6e727091b5e9479b9eb3

    • SSDEEP

      6144:urWjANCz3eSNnGKx/ykVyrcowPkN0rx6lYMfz9I9pkGZP+5nuQggu23kp:QWcN6X1GNwr8NkQlvrC9pkGdInZZu7

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15