General

  • Target

    66d72df86b9f3_crypted.exe

  • Size

    313KB

  • Sample

    240903-t3xe3a1dmm

  • MD5

    6b19e5c100db0812ffb7813a1503c05d

  • SHA1

    17032c0b1b056bec3f23786bad5aa17404de3297

  • SHA256

    516b1a67a3aafceadff083854b26512174cbed4d455c5d8f8993acc8a895ea2e

  • SHA512

    fb97bd74aae13cb4d0205cf704300dfc4f0678dcbd07aacc295bc13b666a4bff46f12786c2d37702a7a783e786a6a92df31df37a39ebcaee74d46c58e0c4e27c

  • SSDEEP

    6144:tSS+SfXno/QxiNbuW22FoiU4eAy9i3nzbtvNDNsw:99PqBuW2dHwHxNDNsw

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

147.45.47.36:30035

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks