General

  • Target

    144e3fc197d288b006018a06681636eb.bin

  • Size

    426KB

  • Sample

    240511-cpe57aff7x

  • MD5

    bba02df6caa30d4166b2afe4b1bb6932

  • SHA1

    b6bd7d5cd2ae954ccc53397768b891f36f220049

  • SHA256

    db86e3eceb566bf58c5c7269ea3bc5c88616e19ae809c36853fff95bf6e973e9

  • SHA512

    f5b435029dd4fc58a6c4a8c3dfdbd1c29bc70dca93bab2efce505c9b78f19d4044af704692da95a32238f946b646ff8c7dbcedf304528f7b90874e7e8159fab5

  • SSDEEP

    12288:36U34jBkBP72vb0jFMzC3PeWAFt1jkokICIS5:36U34jGBP7fFMuWfABICIS5

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

5.42.65.77:6541
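To make the indicators in this report actionable, here is an added Python example (written for this page; it is not code from the sandbox, the report or the sample) that hashes a file and checks the digests against the MD5/SHA1/SHA256 values listed here, and scans log lines for connections to the extracted C2 5.42.65.77:6541. SSDEEP is left out because it needs a third-party library. The log lines and their `src=IP:PORT dst=IP:PORT` layout are constructed for the example and are an assumption about your log format.

```python
import hashlib
import re

# Hashes listed in the report: outer .bin (General) and the dropped .exe (Targets).
REPORT_HASHES = {
    "md5": {
        "bba02df6caa30d4166b2afe4b1bb6932",
        "144e3fc197d288b006018a06681636eb",
    },
    "sha1": {
        "b6bd7d5cd2ae954ccc53397768b891f36f220049",
        "82bc88c1799ade03d1dcecb8b13653c0aa90f475",
    },
    "sha256": {
        "db86e3eceb566bf58c5c7269ea3bc5c88616e19ae809c36853fff95bf6e973e9",
        "75997a0972431bc5e7a704b53cd1a000bf6f1f51c31f2ef32b3af38f120ccfce",
    },
}

# C2 extracted from the RedLine config in this report.
C2_HOST, C2_PORT = "5.42.65.77", 6541

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def hash_bytes(data):
    """Return md5/sha1/sha256/sha512 hex digests of an in-memory byte string."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def hash_file(path, chunk_size=1 << 20):
    """Hash a file on disk in chunks so large samples do not have to fit in memory."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_hashes(digests, iocs=REPORT_HASHES):
    """Return the sorted names of the algorithms whose digest is in the IOC set.
    Any non-empty result means the file is one of the samples in the report."""
    return sorted(alg for alg, value in digests.items() if value in iocs.get(alg, set()))


# Assumed log layout: "... dst=IP:PORT ..." (constructed for this example).
_DST_RE = re.compile(r"dst=(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)")


def find_c2_hits(lines, host=C2_HOST, port=C2_PORT):
    """Scan log lines for traffic to the C2 host.

    Returns (line, exact) pairs. exact is True when both IP and port match the
    extracted config; False when only the IP matches on another port, which is
    still worth a look since stealer operators rotate ports on the same host."""
    hits = []
    for line in lines:
        m = _DST_RE.search(line)
        if m and m.group("ip") == host:
            hits.append((line, int(m.group("port")) == port))
    return hits


# Constructed sample log lines (not taken from the report or any real network).
SAMPLE_LOG = [
    "2024-05-11T10:02:13Z src=10.0.0.5:51234 dst=5.42.65.77:6541 proto=tcp bytes=8123",
    "2024-05-11T10:02:15Z src=10.0.0.5:51240 dst=203.0.113.10:443 proto=tcp bytes=1200",
    "2024-05-11T10:03:01Z src=10.0.0.9:49811 dst=5.42.65.77:80 proto=tcp bytes=310",
]


if __name__ == "__main__":
    # A placeholder byte string stands in for a file under investigation.
    digests = hash_bytes(b"placeholder content, not the real sample\n")
    print("hash match:", match_hashes(digests) or "none")
    for line, exact in find_c2_hits(SAMPLE_LOG):
        print("C2 hit" if exact else "C2 host on other port", "->", line)
```

Run `hash_file()` over a suspect file and feed its digests to `match_hashes()`; for triage of network logs, the non-exact hits deserve the same look as exact ones, because the port in the config is specific to this build while the host may be shared across builds.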

Targets

    • Target

      75997a0972431bc5e7a704b53cd1a000bf6f1f51c31f2ef32b3af38f120ccfce.exe

    • Size

      527KB

    • MD5

      144e3fc197d288b006018a06681636eb

    • SHA1

      82bc88c1799ade03d1dcecb8b13653c0aa90f475

    • SHA256

      75997a0972431bc5e7a704b53cd1a000bf6f1f51c31f2ef32b3af38f120ccfce

    • SHA512

      def371308bbde6c659c4b72a5d144bb9149931ec985ae2ccfe68cbb7acc6d15446cb917e4799908dfa4b65dae77a01980c5f52e6f80a3d39586039827d03cb40

    • SSDEEP

      12288:vJYO+vkfgJbreygSCTUPAKRccEedsTm0eynOpWcDMvH0Xp:vJYmfgdRwedsTTPnfcDMvU

    • RedLine

      RedLine Stealer is an information-stealing malware family written in C# (.NET), first seen in early 2020. It harvests browser credentials, cryptocurrency wallet data and system information and sends them to an operator-configured C2.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers commonly read browser profile stores (for Chromium-based browsers the Login Data, Cookies and Web Data databases), which hold saved credentials, session cookies, autofill entries and browsing history.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Enumerates the Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its WOW6432Node and HKCU equivalents) to list the software installed on the system.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites the register state of a thread in another process; malware uses it to redirect execution to injected code (for example in process hollowing).

MITRE ATT&CK Enterprise v15

Tasks