General

  • Target

    95fe51bf6712dabad88f0dff35b9cc2a.bin

  • Size

    310KB

  • Sample

    240825-b3vx5a1gkg

  • MD5

    461d3b56052300cdc29c43fd1bd2c035

  • SHA1

    9bb94ea793fe80b4d4b6beca6ca32d5b51986838

  • SHA256

    1b4265747905ce3fa2fe54c1a0ad6f55dadd79a047ab45acf5c68c6e18c41e90

  • SHA512

    6911be3fbc018073d150d12403a4702a25282ea00c5b5f25e796d56fd798044190ccef90f75ed6cec028f12e3f80030f74462f6de539366e4e0e624b1ec849c9

  • SSDEEP

    6144:nO4X29lCVkq379+HaA3R47uZhqYvjEJNbMBTbQgkjWAy6:nOU2Do91IWwoJpMB9kjWAy6

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

147.45.47.36:14537

Targets

    • Target

      beed06c4844fec238d982f8389a95e2a1dcd18ef1c2f1d9870a0561d20702073.exe

    • Size

      313KB

    • MD5

      95fe51bf6712dabad88f0dff35b9cc2a

    • SHA1

      923a6370d5acbfccebaefcb467bceda66a8b8f1f

    • SHA256

      beed06c4844fec238d982f8389a95e2a1dcd18ef1c2f1d9870a0561d20702073

    • SHA512

      82a80fc828a59421646f8016d4119ba4844ba90c1cb74b9415ce729df8dd8aaec5f8848a0f5ebee3b22042a250f2c650ee0adc8450d52116eb4f4c460acdc9cc

    • SSDEEP

      6144:7H0sclO4bX+ZOJGlROK4jnctVLqOfpzXQHjiboVWWaODsoC1NwzBt9gvMSH/QrVF:T0x8ZV7OK2aVDtXyLYWnDsoQ4t9kTorz

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks