redline | 4c5541b7902597b11f8696ad136f808834103705b335edffec3db6503d61932a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7559d7f4cc29f64d48f7c6a87d663e67.bin
Size

398KB
Sample

240517-dfhemaeb4y
MD5

540a1627ba0016a8d55ce8dec8f0bb10
SHA1

c6e20e5763db83f0e82b261f6db65c798a95ad7f
SHA256

4c5541b7902597b11f8696ad136f808834103705b335edffec3db6503d61932a
SHA512

5dddd7e18d15719a9df993a96cc0b0b75d42a55fe3a3fba68b8ba570ac73166a0dde1c53d2eb9afef53eded742e4ce0f9536dfdb3f914f63f1f610c3df7e7175
SSDEEP

12288:Zrm5KIQtUooxZuV9WuavwuJMUDwilKbChqELw8JXn2:hCooM9Xa5MiKWgEcCXn2

Score

10^/10

redline logsdiller cloud (tg: @logsdillabot)discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

5.42.65.85:45779

Targets

- Target
  
  d98f489de2f49702b0199b86513a20d1cfc96aeca08018fc37f4fa09c0414720.exe
- Size
  
  478KB
- MD5
  
  7559d7f4cc29f64d48f7c6a87d663e67
- SHA1
  
  cea4ef88ab289386b516f2390225636ee9ead00b
- SHA256
  
  d98f489de2f49702b0199b86513a20d1cfc96aeca08018fc37f4fa09c0414720
- SHA512
  
  2c1645b62e45745c51d064406443895f8f1323d337e793cbbb860c9f7402e04b365ad9562a3de6c713df415e02e06b379243b7b0f370e3784060f2300aaae6e6
- SSDEEP
  
  12288:7+EPWyGqUczBdfDgk3fxPNRKl0RJP17sKvhS0l:7+rLqTd8OpNRiSJPTSg
Score

10^/10

redline logsdiller cloud (tg: @logsdillabot)discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

redlinelogsdiller cloud (tg: @logsdillabot)discoveryinfostealerspywarestealer