Resubmissions

30-08-2024 06:19

240830-g2819azejc 10

30-08-2024 05:24

240830-f3zcrsyblc 10

General

  • Target

    94efd1198279b7503006b9120880a143bf338f272e9b837b5707fbfe6da908d8

  • Size

    310KB

  • Sample

    240830-g2819azejc

  • MD5

    eefa1db762f1708532b9a2d7693047b9

  • SHA1

    fe3d66695758f320562717921c2a0700502cc127

  • SHA256

    94efd1198279b7503006b9120880a143bf338f272e9b837b5707fbfe6da908d8

  • SHA512

    6c312e60bdf383d51582d3d9068a8b8e1e1639b6a4bd247cf3c3393c4d0a79ad8ab1a806e5c6df2c4e9a12de20a251535b547c8cb0626318b705e09b25c7c62a

  • SSDEEP

    6144:cZ4OtRSBa/7Di49LLU4CL7/pR/2C/tbG+s6z0MEQDK3Bg5Ty:SVtd/ni4dU4y7/pR/zNG+n0XkKxg5Ty

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

147.45.47.251:2149

Targets

    • Target

      7935b5b0a3c2fe6391fad0065809fbdd361af8a34fce890182a63a312f1703ef.exe

    • Size

      314KB

    • MD5

      6d90f5899ff47cd3519ee0f53b8900f6

    • SHA1

      1c28f0a93e4258f2370b14c58872ef1987109a5e

    • SHA256

      7935b5b0a3c2fe6391fad0065809fbdd361af8a34fce890182a63a312f1703ef

    • SHA512

      985fd3862446ddb8c6baf0ba68b31414a3a004033ff7a5bc37cbfc7e8b7ccbaf43642c16b7c67be6e7e8fcce38edede7986b786740d20da71178a42b7d296146

    • SSDEEP

      6144:YvVkn7xeQf6QF0gNW12BTKjV2hRh/SLyzNVkJPvZh5oB4xbHfORnJpwmA0BAGJS:1Eq4gclkhn5V8PD84xrm8WFJS

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks