redline | 2f05df98b8de8af85942d15c1c7d434ee62be3e3662c551a0e14d29c9531c1cc | Triage

Sharing

General

Target

1692db4e522605d93551ddcabeffa92a2cd43e764a134833644808319784b955_dump.exe
Size

304KB
Sample

240522-3d9tjada5x
MD5

1fb1c8da0fabb641a76ac6759dd557dd
SHA1

eac9ef0a2bb9058efcc01242184f7a10136a5036
SHA256

2f05df98b8de8af85942d15c1c7d434ee62be3e3662c551a0e14d29c9531c1cc
SHA512

44623c837f1537783e44703637407b3330db2201800f0ab5d2552f3b67368b320734e1fa12143c1ed9df75518c641817039bec7ec74c2c18d4efe22dd83739cd
SSDEEP

3072:1q6EgY6iHrUj1DeewPMAVTmz+qGwRTAAtpSKGscZqf7D341eqiOLibBOp:8qY6iwwPv9priTA8pIscZqf7DIfL

Score

10^/10

redline logsdiller cloud (tg: @logsdillabot)discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

5.42.65.115:40551

Targets

- Target
  
  1692db4e522605d93551ddcabeffa92a2cd43e764a134833644808319784b955_dump.exe
- Size
  
  304KB
- MD5
  
  1fb1c8da0fabb641a76ac6759dd557dd
- SHA1
  
  eac9ef0a2bb9058efcc01242184f7a10136a5036
- SHA256
  
  2f05df98b8de8af85942d15c1c7d434ee62be3e3662c551a0e14d29c9531c1cc
- SHA512
  
  44623c837f1537783e44703637407b3330db2201800f0ab5d2552f3b67368b320734e1fa12143c1ed9df75518c641817039bec7ec74c2c18d4efe22dd83739cd
- SSDEEP
  
  3072:1q6EgY6iHrUj1DeewPMAVTmz+qGwRTAAtpSKGscZqf7D341eqiOLibBOp:8qY6iwwPv9priTA8pIscZqf7DIfL
Score

10^/10

redline logsdiller cloud (tg: @logsdillabot)discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

logsdiller cloud (tg: @logsdillabot)redline

behavioral1

redlinelogsdiller cloud (tg: @logsdillabot)discoveryinfostealerspywarestealer

behavioral2

redlinelogsdiller cloud (tg: @logsdillabot)discoveryinfostealerspywarestealer