General

  • Target

    ef54817e86916a12620e84635b16870784e185f91b87b6c74f9b5f19c84921d7.exe

  • Size

    304KB

  • Sample

    240522-c37glahf49

  • MD5

    99cd037819b5fcdc86ca779b2bb72bba

  • SHA1

    25e9b19bfdcb1e7ee6453b9c6ef345211d01ebdf

  • SHA256

    ef54817e86916a12620e84635b16870784e185f91b87b6c74f9b5f19c84921d7

  • SHA512

    14d742c2c20ccc1b27b01232ce21cb27d197e6ffbca8628dde382ea8fb360dcf8bffaba827a9d00d7b5b0909d56b28effefd9953c0214308416a33338c1ca157

  • SSDEEP

    3072:iq6EgY6iHrUj1DeewPMyv0vaaOTw5ILpkTANtASKGIcZqf7D34teqiOLibBOz:xqY6iwwPBhLpkTADAkIcZqf7DIXL

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

5.42.65.85:45779

Targets

    • Target

      ef54817e86916a12620e84635b16870784e185f91b87b6c74f9b5f19c84921d7.exe

    • Size

      304KB

    • MD5

      99cd037819b5fcdc86ca779b2bb72bba

    • SHA1

      25e9b19bfdcb1e7ee6453b9c6ef345211d01ebdf

    • SHA256

      ef54817e86916a12620e84635b16870784e185f91b87b6c74f9b5f19c84921d7

    • SHA512

      14d742c2c20ccc1b27b01232ce21cb27d197e6ffbca8628dde382ea8fb360dcf8bffaba827a9d00d7b5b0909d56b28effefd9953c0214308416a33338c1ca157

    • SSDEEP

      3072:iq6EgY6iHrUj1DeewPMyv0vaaOTw5ILpkTANtASKGIcZqf7D34teqiOLibBOz:xqY6iwwPBhLpkTADAkIcZqf7DIXL

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks