General

  • Target: e8caa0b1cd00dce9a0d1edf3ac7c5171ea0edec4253a6c324ba00803eaebdc50.exe

  • Size: 314KB

  • Sample: 240827-wcvvnasgjg

  • MD5: cd1dd0289c092923eb8985e8d86d215f

  • SHA1: 328ab12a496c0671dbdc6f40795fbb8b865499b7

  • SHA256: e8caa0b1cd00dce9a0d1edf3ac7c5171ea0edec4253a6c324ba00803eaebdc50

  • SHA512: 9a649700903a48141184073cf6c6f640427fe5561053541a486583966053d25fed67c6559d04fc997073971a5951b2130ee4e4e5ffe03e75cabcc190c35aeddc

  • SSDEEP: 6144:J3sW2hRZB/k60NOLuVJxmw1fa9W4sJfWFrlKa7bwkXap+FqrT39pcAro:ib7kBOLgJr1facWrXwkXYKabjro

Malware Config

Extracted

  • Family: redline

  • Botnet: LogsDiller Cloud (TG: @logsdillabot)

  • C2: 147.45.47.36:14537

Targets

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks