redline | 220a2362c7fcf1c46034d8c914a18056fb0f29baa38b714682cb1a5127c04bc9 | Triage

Sharing

General

Target

220a2362c7fcf1c46034d8c914a18056fb0f29baa38b714682cb1a5127c04bc9.exe
Size

339KB
Sample

240527-gxvcasaf31
MD5

e4003c660e8a81a496d3429dcb01e44a
SHA1

dfcc4bd954e39a92230f46170b17f918e1df7402
SHA256

220a2362c7fcf1c46034d8c914a18056fb0f29baa38b714682cb1a5127c04bc9
SHA512

750bd6a73582aa21bb07e5f6675748524c112d441f8e8808f55b8383d860ea97c856f7ba5f0f8f5dccd30696e6c4fd85b34aeaca33f3f798d89b3f7d375836e4
SSDEEP

6144:g101L8oL4DDlqXesFgXwxMUdBnqvKDvWRryoGPiRWL2yUz6gZi:98c4FqX3xMU0KDvWRryoGPiRWL2yUz6b

Score

10^/10

redline logsdiller cloud (telegram: @logsdillabot)infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (Telegram: @logsdillabot)

C2

5.42.65.115:40551

Targets

- Target
  
  220a2362c7fcf1c46034d8c914a18056fb0f29baa38b714682cb1a5127c04bc9.exe
- Size
  
  339KB
- MD5
  
  e4003c660e8a81a496d3429dcb01e44a
- SHA1
  
  dfcc4bd954e39a92230f46170b17f918e1df7402
- SHA256
  
  220a2362c7fcf1c46034d8c914a18056fb0f29baa38b714682cb1a5127c04bc9
- SHA512
  
  750bd6a73582aa21bb07e5f6675748524c112d441f8e8808f55b8383d860ea97c856f7ba5f0f8f5dccd30696e6c4fd85b34aeaca33f3f798d89b3f7d375836e4
- SSDEEP
  
  6144:g101L8oL4DDlqXesFgXwxMUdBnqvKDvWRryoGPiRWL2yUz6gZi:98c4FqX3xMU0KDvWRryoGPiRWL2yUz6b
Score

10^/10

redline logsdiller cloud (telegram: @logsdillabot)infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

redlinelogsdiller cloud (telegram: @logsdillabot)infostealerspyware