General

  • Target

    9c547d620055a9eb5c983e61789b1c3f794c1ef7ddfcce934c32ac754a1d7988

  • Size

    360KB

  • Sample

    240511-he7eksdg44

  • MD5

    5987a553177c829072297f01f1da0159

  • SHA1

    5d4903d416bba621596b357bc65347ccdddbe271

  • SHA256

    9c547d620055a9eb5c983e61789b1c3f794c1ef7ddfcce934c32ac754a1d7988

  • SHA512

    a07a36517223c40c744164399c8a01278df85b167508282a8cd3f45f68eb24a732a0baac979065657a0e85ab81996a1f16ba9fa3367abc8286f92769c32188dc

  • SSDEEP

    6144:QIs2fqnzFv8QME77P7M24OHYlveaGRYL9hSe9OhIWAKUDXAXw1QEfDWuxVtEsglJ:Vst98QpPjEL9hFGPAKJSDWwgllyHrm

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

5.42.65.77:6541
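The extracted configuration is the most actionable part of this report: the C2 socket and the two file hashes can be turned into detections immediately. The following triage helper is an added example, not part of the sandbox report or of any RedLine tooling. The only real values in it are copied from this page (C2 5.42.65.77:6541 and the two SHA256 values); the Zeek conn.log-style rows and EDR-style file events are constructed for illustration and did not come from the analysed sample's run. It assumes the conn.log tab layout (ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto for the first seven columns) and a `sha256=` key in the file events.

```python
"""Triage helper for the extracted RedLine configuration.

Added example, not part of the sandbox report. Real values: C2 5.42.65.77:6541
and the two SHA256 hashes from the report. All log lines are constructed.
"""
import re
from dataclasses import dataclass

# Extracted config and file hashes from the report.
C2_IP = "5.42.65.77"
C2_PORT = 6541
KNOWN_SHA256 = {
    "9c547d620055a9eb5c983e61789b1c3f794c1ef7ddfcce934c32ac754a1d7988": "RedLine sample (360KB)",
    "2b9fa60df2621c7cd698d7d11007f8a04cb6586f495b58f4fd8cc5de5b04f826": "RedLine payload 2b9fa60d...f826.exe (402KB)",
}


@dataclass
class Hit:
    source: str      # "conn" or "file"
    ref: str         # connection uid or truncated hash
    confidence: str  # "high" or "medium"
    detail: str


def scan_conn_log(text):
    """Flag Zeek conn.log-style rows (tab separated: ts uid orig_h orig_p resp_h resp_p proto)
    that reach the C2 host. An ip:port match is high confidence; the same host on another
    port is still worth a look because operators rotate ports more often than servers."""
    hits = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) < 7:
            continue
        _ts, uid, orig_h, _orig_p, resp_h, resp_p, _proto = fields[:7]
        if resp_h != C2_IP:
            continue
        if int(resp_p) == C2_PORT:
            hits.append(Hit("conn", uid, "high", f"{orig_h} -> {resp_h}:{resp_p} matches extracted C2"))
        else:
            hits.append(Hit("conn", uid, "medium", f"{orig_h} -> {resp_h}:{resp_p} C2 host, unexpected port"))
    return hits


SHA256_RE = re.compile(r"sha256=([0-9a-fA-F]{64})")


def scan_file_events(text):
    """Match EDR-style key=value file events against the known hashes (case-insensitive)."""
    hits = []
    for line in text.splitlines():
        m = SHA256_RE.search(line)
        if not m:
            continue
        digest = m.group(1).lower()
        if digest in KNOWN_SHA256:
            hits.append(Hit("file", digest[:12], "high", KNOWN_SHA256[digest]))
    return hits


def c2_suricata_rule(sid=1000001):
    """Emit a local Suricata rule for the C2 socket (sids >= 1000000 are reserved for local rules)."""
    return (f'alert tcp $HOME_NET any -> {C2_IP} {C2_PORT} '
            f'(msg:"RedLine C2 {C2_IP}:{C2_PORT} (LogsDiller Cloud)"; flow:to_server; sid:{sid}; rev:1;)')


# Constructed sample input (not from the sample's sandbox run); 203.0.113.5 is a documentation address.
SAMPLE_CONN_LOG = (
    "1715416801.104\tCabc1\t10.0.0.15\t51234\t5.42.65.77\t6541\ttcp\n"
    "1715416802.221\tCabc2\t10.0.0.15\t51235\t203.0.113.5\t443\ttcp\n"
    "1715416803.004\tCabc3\t10.0.0.22\t49876\t5.42.65.77\t443\ttcp\n"
)
SAMPLE_FILE_EVENTS = r"""
2024-05-11T09:20:03Z host=WS-15 event=file_create path=C:\Users\a\AppData\Local\Temp\x.exe sha256=2B9FA60DF2621C7CD698D7D11007F8A04CB6586F495B58F4FD8CC5DE5B04F826
2024-05-11T09:20:05Z host=WS-15 event=file_create path=C:\Users\a\Downloads\setup.exe sha256=0000000000000000000000000000000000000000000000000000000000000000
"""


def triage(conn_text=SAMPLE_CONN_LOG, file_text=SAMPLE_FILE_EVENTS):
    return scan_conn_log(conn_text) + scan_file_events(file_text)


if __name__ == "__main__":
    for h in triage():
        print(f"[{h.confidence}] {h.source} {h.ref}: {h.detail}")
    print(c2_suricata_rule())
```

On the constructed input the first row is a full ip:port match, the third row hits the C2 host on 443 and is reported at medium confidence, and the upper-case payload hash is matched after normalisation.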

Targets

    • Target

      2b9fa60df2621c7cd698d7d11007f8a04cb6586f495b58f4fd8cc5de5b04f826.exe

    • Size

      402KB

    • MD5

      f02798ba573318a4ba1bb6e39c45ad5c

    • SHA1

      9b81fd616e27b9aeca4a5a42775df026da28f557

    • SHA256

      2b9fa60df2621c7cd698d7d11007f8a04cb6586f495b58f4fd8cc5de5b04f826

    • SHA512

      de15b3b67063359bad041e87e1f16029775ca16d2199b2284f3b3039c11f704f208fc994f1383aa7704a7c01544e87aba7c796c407c40c8281ebd607212f2385

    • SSDEEP

      6144:dzOa82gO92tYhBOl+vCit0Y0d0ggOl3yinIvSC9dRuJSo+2Aymo/un7pespk:daaR9wYhYiCDQKIvZ1uJSo+jjoS8spk

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, autofill entries and session tokens.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its HKCU and WOW6432Node equivalents) to enumerate software on the system.

    • Suspicious use of SetThreadContext

      SetThreadContext on a thread of another process is the step that redirects execution in process hollowing and similar injection. Together with a child created suspended and WriteProcessMemory into it, it is a strong injection indicator; calls on a process's own threads are also used legitimately by debuggers and exception handling, so the target matters.
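The last two signatures above are behavioural: they come from the API calls the sample made, not from static content. The following is an added example, not part of the report and not the sandbox's own scoring logic. It shows how both behaviours can be derived from an API trace: Uninstall-key enumeration, and SetThreadContext aimed at another process, upgraded to a process-hollowing pattern when that same target was created with CREATE_SUSPENDED and written to beforehand, while calls on the caller's own threads are ignored. The trace format, the trace itself and the placeholder target host.exe are constructed; nothing in it is the analysed sample's real activity.

```python
"""Behavioural signatures over a sandbox-style API trace.

Added example, not part of the report. The trace is constructed and the
target path is a placeholder; it is not the analysed sample's activity.
"""
import re

CREATE_SUSPENDED = 0x00000004  # CreateProcess dwCreationFlags bit

# One call per line: "<pid> <tid> <api>(<args>) -> <result>" (assumed trace format).
CALL_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<tid>\d+)\s+(?P<api>\w+)\((?P<args>.*)\)\s*->\s*(?P<ret>.*)$")
UNINSTALL_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall", re.IGNORECASE)

# Constructed trace (not from the sample).
TRACE = r"""
1234 1 RegOpenKeyExW(HKEY_LOCAL_MACHINE, "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall") -> 0
1234 1 RegEnumKeyExW(0x1a4, 0) -> "7-Zip"
1234 1 RegEnumKeyExW(0x1a4, 1) -> "Google Chrome"
1234 1 SetThreadContext(pid=1234, tid=1) -> 1
1234 1 CreateProcessW("C:\example\host.exe", flags=0x4) -> pid 5678
1234 1 NtUnmapViewOfSection(pid=5678, 0x400000) -> 0
1234 1 WriteProcessMemory(pid=5678, 0x400000, 0x1000) -> 1
1234 1 SetThreadContext(pid=5678, tid=9) -> 1
1234 1 ResumeThread(pid=5678, tid=9) -> 1
"""


def parse_trace(text):
    """Parse the trace into dicts with int pid/tid and raw api/args/ret strings."""
    calls = []
    for line in text.splitlines():
        m = CALL_RE.match(line.strip())
        if m:
            c = m.groupdict()
            c["pid"], c["tid"] = int(c["pid"]), int(c["tid"])
            calls.append(c)
    return calls


def _target_pid(args):
    m = re.search(r"\bpid=(\d+)", args)
    return int(m.group(1)) if m else None


def _creation_flags(args):
    m = re.search(r"\bflags=(0x[0-9a-fA-F]+|\d+)", args)
    return int(m.group(1), 0) if m else 0


def sig_installed_software(calls):
    """Report pids that open an Uninstall key and then enumerate its subkeys."""
    opened, entries = set(), {}
    for c in calls:
        if c["api"].startswith("RegOpenKeyEx") and UNINSTALL_KEY_RE.search(c["args"]):
            opened.add(c["pid"])
        elif c["api"].startswith("RegEnumKeyEx") and c["pid"] in opened:
            entries.setdefault(c["pid"], []).append(c["ret"].strip().strip('"'))
    return [("checks installed software",
             f"pid {pid} read {len(names)} Uninstall entries: {', '.join(names)}")
            for pid, names in entries.items()]


def sig_set_thread_context(calls):
    """Flag SetThreadContext on a thread of another process. Calls on the caller's own
    threads are ignored (exception handling and debuggers do this legitimately)."""
    suspended, written, findings = set(), set(), []
    for c in calls:
        api = c["api"]
        if api.startswith("CreateProcess") and _creation_flags(c["args"]) & CREATE_SUSPENDED:
            m = re.search(r"pid\s+(\d+)", c["ret"])
            if m:
                suspended.add(int(m.group(1)))
        elif api == "WriteProcessMemory":
            t = _target_pid(c["args"])
            if t is not None:
                written.add(t)
        elif api == "SetThreadContext":
            t = _target_pid(c["args"])
            if t is None or t == c["pid"]:
                continue  # own thread: not flagged
            if t in suspended and t in written:
                findings.append(("process hollowing pattern",
                                 f"pid {c['pid']} created pid {t} suspended, wrote its memory, then set its thread context"))
            else:
                findings.append(("suspicious use of SetThreadContext",
                                 f"pid {c['pid']} set thread context in foreign pid {t}"))
    return findings


def run_signatures(text):
    calls = parse_trace(text)
    return sig_installed_software(calls) + sig_set_thread_context(calls)


if __name__ == "__main__":
    for name, detail in run_signatures(TRACE):
        print(f"{name}: {detail}")
```

The own-thread SetThreadContext call in the trace is deliberately not reported; only the call into pid 5678, which was created suspended and written to first, produces the hollowing finding.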

MITRE ATT&CK Enterprise v15

Tasks