General

  • Target

    724a304d92c8e4920afbc604d34ad74a.bin

  • Size

    310KB

  • Sample

    240826-bvw58axcmh

  • MD5

    0d1035a7566f5de955203f53e3a00e49

  • SHA1

    a27685c2d4d97650d86d369a91824dc9d709271e

  • SHA256

    daecd242b972f695754166b0980003bc6a552907c8bb3afc7a7069a820bd5f6c

  • SHA512

    97b0d28fbcc9b96917d544aa928c41daf79e0744a7170e8c4ee8bec273f6c591e95d18762c1bcd9c53d61b978243f5cf9f5920546a502198fe49375d12e78254

  • SSDEEP

    6144:K7cFse5QTI4oL/uOrJvRzCkfoANa5D3F7WDPHG8DA5TBPZTNEysJA1mA:8LTI4s/uOrJvRz9wJ5D1mu8DUTBPBNEM

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

147.45.47.36:14537

Targets

    • Target

      5c3058217a873a3393cf4b033ade3717e25c1d1cee2cc44c79e92fa8b9a73c38.exe

    • Size

      314KB

    • MD5

      724a304d92c8e4920afbc604d34ad74a

    • SHA1

      311a20ea19ff1be6f3fe2e9858992152430faea2

    • SHA256

      5c3058217a873a3393cf4b033ade3717e25c1d1cee2cc44c79e92fa8b9a73c38

    • SHA512

      3a0d1b199bb17057d2f67a0d44dc7dd98559570b9ec4ba5c331e683116be283052d75d4154602d93edb1afcf94d7f464a4dd4d05a99524cab3209e6b14f3c9e6

    • SSDEEP

      6144:CTnxNdwRsC6ICw1CSgeaL07RtmRjqajRGVD8xcDWraF0yFbrbVuF:CtNdwRsCQiIec0t8jqajRJFmF0yFRuF

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks