redline | 9c547d620055a9eb5c983e61789b1c3f794c1ef7ddfcce934c32ac754a1d7988 | Triage

Sharing

General

Target

9c547d620055a9eb5c983e61789b1c3f794c1ef7ddfcce934c32ac754a1d7988
Size

360KB
Sample

240511-hj451sbe4t
MD5

5987a553177c829072297f01f1da0159
SHA1

5d4903d416bba621596b357bc65347ccdddbe271
SHA256

9c547d620055a9eb5c983e61789b1c3f794c1ef7ddfcce934c32ac754a1d7988
SHA512

a07a36517223c40c744164399c8a01278df85b167508282a8cd3f45f68eb24a732a0baac979065657a0e85ab81996a1f16ba9fa3367abc8286f92769c32188dc
SSDEEP

6144:QIs2fqnzFv8QME77P7M24OHYlveaGRYL9hSe9OhIWAKUDXAXw1QEfDWuxVtEsglJ:Vst98QpPjEL9hFGPAKJSDWwgllyHrm

Score

10^/10

redline logsdiller cloud (tg: @logsdillabot)discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

5.42.65.77:6541

Targets

- Target
  
  2b9fa60df2621c7cd698d7d11007f8a04cb6586f495b58f4fd8cc5de5b04f826.exe
- Size
  
  402KB
- MD5
  
  f02798ba573318a4ba1bb6e39c45ad5c
- SHA1
  
  9b81fd616e27b9aeca4a5a42775df026da28f557
- SHA256
  
  2b9fa60df2621c7cd698d7d11007f8a04cb6586f495b58f4fd8cc5de5b04f826
- SHA512
  
  de15b3b67063359bad041e87e1f16029775ca16d2199b2284f3b3039c11f704f208fc994f1383aa7704a7c01544e87aba7c796c407c40c8281ebd607212f2385
- SSDEEP
  
  6144:dzOa82gO92tYhBOl+vCit0Y0d0ggOl3yinIvSC9dRuJSo+2Aymo/un7pespk:daaR9wYhYiCDQKIvZ1uJSo+jjoS8spk
Score

10^/10

redline logsdiller cloud (tg: @logsdillabot)discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

redlinelogsdiller cloud (tg: @logsdillabot)discoveryinfostealerspywarestealer