General

  • Target

    220a2362c7fcf1c46034d8c914a18056fb0f29baa38b714682cb1a5127c04bc9.exe

  • Size

    339KB

  • Sample

    240526-h3vqpaca37

  • MD5

    e4003c660e8a81a496d3429dcb01e44a

  • SHA1

    dfcc4bd954e39a92230f46170b17f918e1df7402

  • SHA256

    220a2362c7fcf1c46034d8c914a18056fb0f29baa38b714682cb1a5127c04bc9

  • SHA512

    750bd6a73582aa21bb07e5f6675748524c112d441f8e8808f55b8383d860ea97c856f7ba5f0f8f5dccd30696e6c4fd85b34aeaca33f3f798d89b3f7d375836e4

  • SSDEEP

    6144:g101L8oL4DDlqXesFgXwxMUdBnqvKDvWRryoGPiRWL2yUz6gZi:98c4FqX3xMU0KDvWRryoGPiRWL2yUz6b

Malware Config

Extracted

  • Family

    redline

  • Botnet

    LogsDiller Cloud (Telegram: @logsdillabot)

  • C2

    5.42.65.115:40551

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

  • Credential Access

    Unsecured Credentials (1): T1552

    Credentials In Files (1): T1552.001

  • Collection

    Data from Local System (1): T1005

Tasks