General

  • Target

    66d48faf6737f_crypted.exe

  • Size

    312KB

  • Sample

    240904-efwspavbkl

  • MD5

    67a51322cbb161374023771f2fa9c1d5

  • SHA1

    0162a4171c983605374a295a57a7ba6a58622ff5

  • SHA256

    ef7e913e51b970193a61248fccf25fa32f9efbdc82953ca0850d9607e87cdd68

  • SHA512

    71e4962d123a21d763a6d88899c35df1f7a0712bd33995fd61e548deb4d1d2c135000330d5f2dd843c69cd8f92c42295c9e0f2c2a288a4f3c81496e83a837ce1

  • SSDEEP

    6144:oQFymRBlWpu63P0RZrZ9bWHITwScrryiQ23HtIff:DFy0l0f6ZrZ9bWoVCrHdIH

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

147.45.47.36:30035

Targets

    • Target

      66d48faf6737f_crypted.exe

    • Size

      312KB

    • MD5

      67a51322cbb161374023771f2fa9c1d5

    • SHA1

      0162a4171c983605374a295a57a7ba6a58622ff5

    • SHA256

      ef7e913e51b970193a61248fccf25fa32f9efbdc82953ca0850d9607e87cdd68

    • SHA512

      71e4962d123a21d763a6d88899c35df1f7a0712bd33995fd61e548deb4d1d2c135000330d5f2dd843c69cd8f92c42295c9e0f2c2a288a4f3c81496e83a837ce1

    • SSDEEP

      6144:oQFymRBlWpu63P0RZrZ9bWHITwScrryiQ23HtIff:DFy0l0f6ZrZ9bWoVCrHdIH

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks