Overview

overview

10

Static

static

3

220a2362c7...c9.exe

windows7-x64

7

220a2362c7...c9.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    220a2362c7fcf1c46034d8c914a18056fb0f29baa38b714682cb1a5127c04bc9.exe

  • Size

    339KB

  • Sample

    240526-h3vqpaca37

  • MD5

    e4003c660e8a81a496d3429dcb01e44a

  • SHA1

    dfcc4bd954e39a92230f46170b17f918e1df7402

  • SHA256

    220a2362c7fcf1c46034d8c914a18056fb0f29baa38b714682cb1a5127c04bc9

  • SHA512

    750bd6a73582aa21bb07e5f6675748524c112d441f8e8808f55b8383d860ea97c856f7ba5f0f8f5dccd30696e6c4fd85b34aeaca33f3f798d89b3f7d375836e4

  • SSDEEP

    6144:g101L8oL4DDlqXesFgXwxMUdBnqvKDvWRryoGPiRWL2yUz6gZi:98c4FqX3xMU0KDvWRryoGPiRWL2yUz6b

Score
10/10
redlinelogsdiller cloud (telegram: @logsdillabot)infostealerspyware

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (Telegram: @logsdillabot)

C2

5.42.65.115:40551

Targets

    • Target

      220a2362c7fcf1c46034d8c914a18056fb0f29baa38b714682cb1a5127c04bc9.exe

    • Size

      339KB

    • MD5

      e4003c660e8a81a496d3429dcb01e44a

    • SHA1

      dfcc4bd954e39a92230f46170b17f918e1df7402

    • SHA256

      220a2362c7fcf1c46034d8c914a18056fb0f29baa38b714682cb1a5127c04bc9

    • SHA512

      750bd6a73582aa21bb07e5f6675748524c112d441f8e8808f55b8383d860ea97c856f7ba5f0f8f5dccd30696e6c4fd85b34aeaca33f3f798d89b3f7d375836e4

    • SSDEEP

      6144:g101L8oL4DDlqXesFgXwxMUdBnqvKDvWRryoGPiRWL2yUz6gZi:98c4FqX3xMU0KDvWRryoGPiRWL2yUz6b

    Score
    10/10
    redlinelogsdiller cloud (telegram: @logsdillabot)infostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks