General

  • Target

    2a144dc3e515e3a2663e4521b40c3d847b648699f1ac866e068483ae0a5e3386

  • Size

    311KB

  • Sample

    240829-f4fl2sxfmj

  • MD5

    4539bd6872b7037395d4f60890b109db

  • SHA1

    23988c0ff277d39e6c29a911cfc33c0983714808

  • SHA256

    2a144dc3e515e3a2663e4521b40c3d847b648699f1ac866e068483ae0a5e3386

  • SHA512

    53a3afbba41c819865af9eb1c2e3f525e13bdf5d1f29c68925fd445af0739ec65d00f02a900cdb0329610c680d980221303bd3a63995e6ed71d4536b89426d09

  • SSDEEP

    6144:OCvJ/rj52ouBXmhBSgz0TfIsVHQdw/Vpzf49c9M8gQ4cR0whsSBO:zJDVPuBCzAIsVHUw/nA9cKkR0NSU

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

147.45.47.251:2149

Targets

    • Target

      0ee2c8f8ca955be74a029aa6e0f6ee4558bfb24cd37b835a8bda9d56b520a3d4.exe

    • Size

      315KB

    • MD5

      b79ed7b267159f2b1497de63786e6f6d

    • SHA1

      43a426a88d342974b47f407048b78d1ee6a3067b

    • SHA256

      0ee2c8f8ca955be74a029aa6e0f6ee4558bfb24cd37b835a8bda9d56b520a3d4

    • SHA512

      504ac0d2d4d2b8c1dfc159d5c485ce623c4f714636dbf19ee451b66bf17402bc646e39aadf56689fc6e7794d452c9f8de722de3091c136417a67b97cff105c17

    • SSDEEP

      6144:M++hBfamxdwBlkx8FIhjH8TNbVQwwJu+H+xWFEie6cLZiIZ/ZSzjznlEjthuKEC:M+uBfamX4aYTNSwSuqre6gFRS7nlEjtF

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks