General

  • Target

    66be35a2807ef_crypted.exe

  • Size

    312KB

  • Sample

    240828-1jfrjaxejc

  • MD5

    e93bf642b8564c006f501145b32ec1f6

  • SHA1

    d188666a2f93fb6acbb2050e539c7f3a53bf87a3

  • SHA256

    d22db11ce993116313ef560dba21d4c081f8a8cc674462fdae4176749d4bd93a

  • SHA512

    8514f42eabf73fe9536a3c76aeb8331c5adaa0ae4ecb084f21a71abe4fb65e0e1e9d6a181da221dab2ccda2b8e294c7d0ffeb9f571c7279460133dc284423668

  • SSDEEP

    6144:wlVh6vyQ6vOuUt78JARfEpIOtnQg3bXFm1dCBcORVNu5Srs:wHM6QmOuq7/VEpDn1+Cy+VY5f

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

147.45.47.36:14537

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks