General

  • Target

    file.exe

  • Size

    315KB

  • Sample

    240827-vnjfbsshpm

  • MD5

    b79ed7b267159f2b1497de63786e6f6d

  • SHA1

    43a426a88d342974b47f407048b78d1ee6a3067b

  • SHA256

    0ee2c8f8ca955be74a029aa6e0f6ee4558bfb24cd37b835a8bda9d56b520a3d4

  • SHA512

    504ac0d2d4d2b8c1dfc159d5c485ce623c4f714636dbf19ee451b66bf17402bc646e39aadf56689fc6e7794d452c9f8de722de3091c136417a67b97cff105c17

  • SSDEEP

    6144:M++hBfamxdwBlkx8FIhjH8TNbVQwwJu+H+xWFEie6cLZiIZ/ZSzjznlEjthuKEC:M+uBfamX4aYTNSwSuqre6gFRS7nlEjtF

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

147.45.47.251:2149

Targets

    • Target

      file.exe

    • Size

      315KB

    • MD5

      b79ed7b267159f2b1497de63786e6f6d

    • SHA1

      43a426a88d342974b47f407048b78d1ee6a3067b

    • SHA256

      0ee2c8f8ca955be74a029aa6e0f6ee4558bfb24cd37b835a8bda9d56b520a3d4

    • SHA512

      504ac0d2d4d2b8c1dfc159d5c485ce623c4f714636dbf19ee451b66bf17402bc646e39aadf56689fc6e7794d452c9f8de722de3091c136417a67b97cff105c17

    • SSDEEP

      6144:M++hBfamxdwBlkx8FIhjH8TNbVQwwJu+H+xWFEie6cLZiIZ/ZSzjznlEjthuKEC:M+uBfamX4aYTNSwSuqre6gFRS7nlEjtF

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks