General

  • Target: file.exe

  • Size: 527KB

  • Sample: 240509-tbl51shh7x

  • MD5: 144e3fc197d288b006018a06681636eb

  • SHA1: 82bc88c1799ade03d1dcecb8b13653c0aa90f475

  • SHA256: 75997a0972431bc5e7a704b53cd1a000bf6f1f51c31f2ef32b3af38f120ccfce

  • SHA512: def371308bbde6c659c4b72a5d144bb9149931ec985ae2ccfe68cbb7acc6d15446cb917e4799908dfa4b65dae77a01980c5f52e6f80a3d39586039827d03cb40

  • SSDEEP: 12288:vJYO+vkfgJbreygSCTUPAKRccEedsTm0eynOpWcDMvH0Xp:vJYmfgdRwedsTTPnfcDMvU

Malware Config

Extracted

  • Family: redline

  • Botnet: LogsDiller Cloud (TG: @logsdillabot)

  • C2: 5.42.65.77:6541

Targets

    • Target: file.exe

    • Size: 527KB


    • RedLine
      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks