General

  • Target

    d30d079e3e347e11a8d8ebd5ec025367968147b52d47d15c61a7bc48e0fbeee2

  • Size

    375KB

  • Sample

    240905-2sljtatbpd

  • MD5

    1b4e6b62027f8ee24d3401c9ec96f672

  • SHA1

    6bb4152446cd1ed5752f81f7ba4053b8e12d0852

  • SHA256

    d30d079e3e347e11a8d8ebd5ec025367968147b52d47d15c61a7bc48e0fbeee2

  • SHA512

    bf8a779100c87206018926bc077ffd23bdce02fe5f47518e528e747b0ed83f60972d98abdf618ac514f8ac87250488fe0cab7756bc11ba18686e0d45c1c0dffc

  • SSDEEP

    6144:i1EphgcDeE9hz4LL9VYv7rIQRVHjj3IP4Za1xsL8IbjKWijFj5OPhRXvo4:CE0a9veL9VuHNjj3IQc28IbjKWk/OPhJ

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

147.45.47.36:30035

Targets

    • Target

      d30d079e3e347e11a8d8ebd5ec025367968147b52d47d15c61a7bc48e0fbeee2

    • Size

      375KB

    • MD5

      1b4e6b62027f8ee24d3401c9ec96f672

    • SHA1

      6bb4152446cd1ed5752f81f7ba4053b8e12d0852

    • SHA256

      d30d079e3e347e11a8d8ebd5ec025367968147b52d47d15c61a7bc48e0fbeee2

    • SHA512

      bf8a779100c87206018926bc077ffd23bdce02fe5f47518e528e747b0ed83f60972d98abdf618ac514f8ac87250488fe0cab7756bc11ba18686e0d45c1c0dffc

    • SSDEEP

      6144:i1EphgcDeE9hz4LL9VYv7rIQRVHjj3IP4Za1xsL8IbjKWijFj5OPhRXvo4:CE0a9veL9VuHNjj3IQc28IbjKWk/OPhJ

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks