General

  • Target

    e8a4d35acec98b2530fdb642e8d8ec0ed5befba2a094d42f2e00a85d58a8cdc6

  • Size

    312KB

  • Sample

    240822-2pfjds1gqe

  • MD5

    9ffc6d221c6033fe55358275061d8bf0

  • SHA1

    d8cc0af898803d87e6f3186df4c8f8ea6631744e

  • SHA256

    e8a4d35acec98b2530fdb642e8d8ec0ed5befba2a094d42f2e00a85d58a8cdc6

  • SHA512

    50288b4c32c39773c5cd9f98c0858fed2186a55c8812f3a034a86fc9d64c41c20b68a11733318dc925f0f16f06a80a50ee413c781194eee611459edc13d345b6

  • SSDEEP

    6144:PPKS4XBqmeB0GBGkrLpqFFEvrQ6rZTTaQtsBiyHsRJUP/TTVKk2:PL4zajLVBvspWRuve

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

147.45.47.36:14537

Targets

    • Target

      e8a4d35acec98b2530fdb642e8d8ec0ed5befba2a094d42f2e00a85d58a8cdc6

    • Size

      312KB

    • MD5

      9ffc6d221c6033fe55358275061d8bf0

    • SHA1

      d8cc0af898803d87e6f3186df4c8f8ea6631744e

    • SHA256

      e8a4d35acec98b2530fdb642e8d8ec0ed5befba2a094d42f2e00a85d58a8cdc6

    • SHA512

      50288b4c32c39773c5cd9f98c0858fed2186a55c8812f3a034a86fc9d64c41c20b68a11733318dc925f0f16f06a80a50ee413c781194eee611459edc13d345b6

    • SSDEEP

      6144:PPKS4XBqmeB0GBGkrLpqFFEvrQ6rZTTaQtsBiyHsRJUP/TTVKk2:PL4zajLVBvspWRuve

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks