General

  • Target

    98b6ec64d37efa2d1b82037c9cd2c51e.bin

  • Size

    415KB

  • Sample

    240509-dlynssaa28

  • MD5

    ba624b4677bb99270e768a828eb947e6

  • SHA1

    c7051c866ac47fcebd2c97f7cd62ff4bb8218d45

  • SHA256

    664b12e8b4c17cfa0b1a006db395f759c1226fb5b8dcfe4663258531c37ad3e4

  • SHA512

    dd5e4bcce7b44c6485b5aced091e0785d60bf6d8384671cc1881f786535b99b64a64f96dbcc1174d67de46579246c384f2170dfbfbfa8ecd806f7a6841523172

  • SSDEEP

    12288:Q6kISnzV0NTXaKEv/+UxB1iuwQfljc+MT9:R7SzVCGEUn1rxljc+q9

Malware Config

Extracted

  • Family

    redline

  • Botnet

    LogsDiller Cloud (TG: @logsdillabot)

  • C2

    5.42.65.96:28380

Targets

    • Target

      cedb8fc0a286ec44b5d3451f06ee954c1c8cca943981e6f5223bf6916af0fb3b.exe

    • Size

      509KB

    • MD5

      98b6ec64d37efa2d1b82037c9cd2c51e

    • SHA1

      2bd96489914570b2fe8f5b652166ae2584b8f203

    • SHA256

      cedb8fc0a286ec44b5d3451f06ee954c1c8cca943981e6f5223bf6916af0fb3b

    • SHA512

      87c747ca7377cdd18dd0ace74472950946000b9ef62b279ce41daf040a200893c70ea8e476881542e05a72a89a151d4f7755913a2521f431d2fb79951e57f9d7

    • SSDEEP

      12288:nW+60nbnuhQJmv0nBRMGJsk7RRFbo2jnqHS:nWV0n4v0n7MGJX3K8c

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks