General

  • Target

    92605ba136b126db1d3734ffab2f1700.bin

  • Size

    310KB

  • Sample

    240827-b3pq4syapn

  • MD5

    acd844a6bca55b2084ffb21f5eb1fce8

  • SHA1

    d33e5638d2a37a972a560254b8f6c39182574e43

  • SHA256

    62b82ec2e8a0dd5a46fdb2a30cd17abf0f74f3e58a97d280e2b4402cc8ededf1

  • SHA512

    ed6ac91e07c9c1a0108ec38a0a1f3163741566e1f6f2dfe1e2f0340f7b6d7974d178676175413c9f68b28e273b7e372f05f623fe11c034c905f85066f071aceb

  • SSDEEP

    6144:wvib3F7opUdAtBpgA7Jc9n302+22wRcN0ai9H00NObgBAaC:w23F7EzgKc5k2+27RcN0aih3hyaC

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

147.45.47.36:14537

Targets

    • Target

      84ccccd320e1db52227eacca356001f04a4ff4354f3830e983f492db5097d649.exe

    • Size

      314KB

    • MD5

      92605ba136b126db1d3734ffab2f1700

    • SHA1

      21bc49acca0c4267f7be2d945746089efce2dfb3

    • SHA256

      84ccccd320e1db52227eacca356001f04a4ff4354f3830e983f492db5097d649

    • SHA512

      7cdc5f6d360e7d2e3b07b39b2022a14a628e2ffdc10e85e49f69c31fbad131d061686d43745a192d6b21c7f9c8407d5bd8caefc8cefe38844924fe343a61ffa6

    • SSDEEP

      6144:vXt50WihGZ2KoRRk6EYJId6VIJIqMayNWxWQv6su6EMBtB4kU:v950ZhGDgRgyId6VmIVvNZ+UMXGkU

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks