redline | 044041766e3684b106c4c78a70188a599578f3768457e25d26e0c24fb5a34149 | Triage

Sharing

General

Target

d88b40ed7f2e8b7e39cd1c21d09bde00_NeikiAnalytics
Size

501KB
Sample

240515-sv9vrafh78
MD5

d88b40ed7f2e8b7e39cd1c21d09bde00
SHA1

d9865029f441f1234580ec18756566b6fe201331
SHA256

044041766e3684b106c4c78a70188a599578f3768457e25d26e0c24fb5a34149
SHA512

c22374565af7f8455c985d70d3d9f5af69f1480fbf2fd02a3ff44e2fe5c9661e0d61814d48f9c3398ddad3de01872a255f23757a30deef34fbadcb8ebbd43c9d
SSDEEP

12288:JYFBqcQcaQVsGRi5xYJQgP4FiKe37a8oz9NSQ1f:JYXqc3sCi5XY4FiKeLPozvx

Score

10^/10

redline logsdiller cloud (tg: @logsdillabot)infostealer

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

5.42.65.96:28380

Targets

- Target
  
  d88b40ed7f2e8b7e39cd1c21d09bde00_NeikiAnalytics
- Size
  
  501KB
- MD5
  
  d88b40ed7f2e8b7e39cd1c21d09bde00
- SHA1
  
  d9865029f441f1234580ec18756566b6fe201331
- SHA256
  
  044041766e3684b106c4c78a70188a599578f3768457e25d26e0c24fb5a34149
- SHA512
  
  c22374565af7f8455c985d70d3d9f5af69f1480fbf2fd02a3ff44e2fe5c9661e0d61814d48f9c3398ddad3de01872a255f23757a30deef34fbadcb8ebbd43c9d
- SSDEEP
  
  12288:JYFBqcQcaQVsGRi5xYJQgP4FiKe37a8oz9NSQ1f:JYXqc3sCi5XY4FiKeLPozvx
Score

10^/10

redline infostealer logsdiller cloud (tg: @logsdillabot)
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineinfostealer

behavioral2

redlinelogsdiller cloud (tg: @logsdillabot)infostealer