General

  • Target

    37f45abe9970c5962b441635ab1df0395de570aa7ade2617fb18bed6a0f0c138.exe

  • Size

    379KB

  • Sample

    240831-hp74vs1cqm

  • MD5

    ae9de1093d87672c550524299e8df649

  • SHA1

    a779d38b49497f72153da3c22bb90397ae042c0b

  • SHA256

    37f45abe9970c5962b441635ab1df0395de570aa7ade2617fb18bed6a0f0c138

  • SHA512

    cac3cb5aea6660357e6de892db9aa3f3f4725561897a38f8876a8e181990a58108e6d15fc0c2fcb56ea4517e05e03d1a877a15fb6884f4d28739e1d25f1e05f3

  • SSDEEP

    6144:xOCC7QURYl/aMw3cSqJ6bKf8LiXgG9TknY/jTfAxHbIQJQgy770/B5p6uXRaD:xRCMwqJ6boyG9Tk6kI4jm03prR

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

147.45.47.36:30035

Targets

    • Target

      37f45abe9970c5962b441635ab1df0395de570aa7ade2617fb18bed6a0f0c138.exe

    • Size

      379KB

    • MD5

      ae9de1093d87672c550524299e8df649

    • SHA1

      a779d38b49497f72153da3c22bb90397ae042c0b

    • SHA256

      37f45abe9970c5962b441635ab1df0395de570aa7ade2617fb18bed6a0f0c138

    • SHA512

      cac3cb5aea6660357e6de892db9aa3f3f4725561897a38f8876a8e181990a58108e6d15fc0c2fcb56ea4517e05e03d1a877a15fb6884f4d28739e1d25f1e05f3

    • SSDEEP

      6144:xOCC7QURYl/aMw3cSqJ6bKf8LiXgG9TknY/jTfAxHbIQJQgy770/B5p6uXRaD:xRCMwqJ6boyG9Tk6kI4jm03prR

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks