General

  • Target

    0e46c2f606eb317670d1ed2aedd1bafb5e1ad43b4471eba2a0e6f7c8f44a8ffe

  • Size

    311KB

  • Sample

    240827-b4vzhswfpc

  • MD5

    a48fec955761d8d023abee6d4da88f90

  • SHA1

    57efc41608f0fb19b1778fef2d00c767b5377a73

  • SHA256

    0e46c2f606eb317670d1ed2aedd1bafb5e1ad43b4471eba2a0e6f7c8f44a8ffe

  • SHA512

    612361b6459a3ef4c10f5b60c767c1fbc00f791d77331e3871dee1dd1ed39a899a2d6c1f6719f000dbce61c1be3db99211493dba06e85cfd1ac668e6c80b6188

  • SSDEEP

    6144:VWk6p8pQDNJ6XAqJQ00B61XiIIr3n8XevZx8r+y7irMZPlHA:V96e5/0BIXiIIZBxEGElg

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

147.45.47.36:14537

Targets

    • Target

      12cac791fafc11ccb103abd3873562fc176b7da4d182be1cf486f028a9063593.exe

    • Size

      315KB

    • MD5

      0f9a7390c4a71cae8b2e709695fdd05b

    • SHA1

      e380542376968be946f8ba7fabbd7b2065ff392d

    • SHA256

      12cac791fafc11ccb103abd3873562fc176b7da4d182be1cf486f028a9063593

    • SHA512

      0cfa9287bc2e5150e506315178e490984aadd6f8de1305db9dd28c37ddd2d6d691cb859ceb7979224c59b91562985cd178c025cf9e72cabfac147eadc66356e3

    • SSDEEP

      6144:II8XYYyOCPtqXY1J5v+aarO28SuhAZ3tr2T9LManjK92NbaauJo3G:II8Xvy7N+aA18g8/n+3o2

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser profile data, which can include saved credentials, cookies and autofill entries.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext
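Added example, not part of the sandbox report: it turns the extracted config above (C2 147.45.47.36:14537) and the hashes listed for both files (the submitted sample and the analysed 12cac791...exe) into checks an analyst can run. It compares a local file's digests against the reported ones, emits a Suricata rule for the C2 endpoint, and scans Zeek-style conn.log records for contact with that IP and port. The hash values and the C2 address are copied from the report; the log records, the rule sid and the TEST-NET peer address are constructed for illustration.

```python
# Added example (not part of the sandbox report): IOC checks built from the
# report's extracted config and file hashes. Log lines below are constructed.
import hashlib
import json

# Hashes of both files in the report: the submitted sample (311KB) and the
# analysed executable 12cac791...exe (315KB). SHA-512 omitted for brevity.
REPORTED_HASHES = {
    "md5": {
        "a48fec955761d8d023abee6d4da88f90",
        "0f9a7390c4a71cae8b2e709695fdd05b",
    },
    "sha1": {
        "57efc41608f0fb19b1778fef2d00c767b5377a73",
        "e380542376968be946f8ba7fabbd7b2065ff392d",
    },
    "sha256": {
        "0e46c2f606eb317670d1ed2aedd1bafb5e1ad43b4471eba2a0e6f7c8f44a8ffe",
        "12cac791fafc11ccb103abd3873562fc176b7da4d182be1cf486f028a9063593",
    },
}

# Extracted RedLine config from the report.
C2_IP = "147.45.47.36"
C2_PORT = 14537


def file_hashes(data: bytes) -> dict:
    """Compute the same digests the report lists, so a local file can be compared."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def matching_algorithms(data: bytes, iocs: dict = REPORTED_HASHES) -> list:
    """Return the algorithms under which `data` matches a reported hash.

    An empty list means the file is not byte-identical to either reported
    file; a repacked build of the same stealer will not match here.
    """
    digests = file_hashes(data)
    return [alg for alg, known in iocs.items() if digests.get(alg) in known]


def suricata_rule(sid: int) -> str:
    """Emit a Suricata rule for outbound contact to the extracted C2 endpoint.

    `sid` is a hypothetical local rule id chosen by the caller; classtype
    assumes the default classification.config shipped with Suricata.
    """
    return (
        f"alert tcp $HOME_NET any -> {C2_IP} {C2_PORT} "
        '(msg:"RedLine Stealer C2 contact (LogsDiller Cloud botnet)"; '
        "flow:to_server,established; classtype:trojan-activity; "
        f"sid:{sid}; rev:1;)"
    )


# Constructed Zeek conn.log records in JSON output format; not from the report.
# 203.0.113.10 is a TEST-NET address standing in for benign traffic.
SAMPLE_CONN_LOG = [
    '{"ts":1724734801.2,"uid":"CAb1","id.orig_h":"10.0.0.15","id.orig_p":49812,'
    '"id.resp_h":"147.45.47.36","id.resp_p":14537,"proto":"tcp","conn_state":"SF"}',
    '{"ts":1724734802.0,"uid":"CAb2","id.orig_h":"10.0.0.15","id.orig_p":49813,'
    '"id.resp_h":"203.0.113.10","id.resp_p":443,"proto":"tcp","conn_state":"SF"}',
    '{"ts":1724734803.5,"uid":"CAb3","id.orig_h":"10.0.0.22","id.orig_p":51000,'
    '"id.resp_h":"147.45.47.36","id.resp_p":80,"proto":"tcp","conn_state":"S0"}',
    '{"ts":1724734804.1,"uid":"CAb4","id.orig_h":"10.0.0.31","id.orig_p":51522,'
    '"id.resp_h":"147.45.47.36","id.resp_p":14537,"proto":"tcp","conn_state":"S0"}',
]


def find_c2_contacts(lines, ip=C2_IP, port=C2_PORT) -> list:
    """Return (uid, orig_h, conn_state) for each flow to the C2 IP and port.

    Port is matched as well as IP: the same address may carry unrelated traffic
    on other ports (record CAb3 above), so IP alone over-triggers. Flows in
    state S0 (SYN sent, no reply) are still reported: an attempted beacon is
    evidence of infection even when the C2 is already down.
    """
    hits = []
    for line in lines:
        rec = json.loads(line)
        if rec.get("id.resp_h") == ip and rec.get("id.resp_p") == port:
            hits.append((rec["uid"], rec["id.orig_h"], rec["conn_state"]))
    return hits


if __name__ == "__main__":
    print(suricata_rule(9000001))
    for hit in find_c2_contacts(SAMPLE_CONN_LOG):
        print("C2 contact:", hit)
    print("local file matches report under:",
          matching_algorithms(b"constructed bytes, not the sample"))
```

The hash comparison only catches byte-identical copies; the SSDEEP values in the report exist for the near-duplicate case (a repacked or slightly modified build) and comparing them needs a fuzzy-hashing library such as ppdeep, which the standard library does not provide. Treat the C2 address as a short-lived indicator: the IP and port are tied to this build's extracted config, and other builds of the same family may use a different endpoint.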

MITRE ATT&CK Enterprise v15

Tasks