General

  • Target

    6b19e5c100db0812ffb7813a1503c05d.bin

  • Size

    309KB

  • Sample

    240905-mjmceszaqf

  • MD5

    660914841dc1796982179600f3aaedb3

  • SHA1

    d25e49953a4fd79c57cb19e69575db69f8a7b560

  • SHA256

    31faa8f6ebd1026ef7d66fee4401be89db9d15e18b8a2eb385ce2f476777f8eb

  • SHA512

    805fd25329b8d02e5e428374a6abf50d7c2bf9bb14eb4ec00a96a59ac52b455c52e92aa13c70cfde2159cb85b368849506ca6f02074b434f981df92248e979a5

  • SSDEEP

    6144:1I53Uikr5zxMgYvVIdTU+xaqFq6Qtuo3tPrToKZFq90Yt:KUL5tMgYCdFBs6QtVR8KW9nt

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

147.45.47.36:30035

Targets

    • Target

      516b1a67a3aafceadff083854b26512174cbed4d455c5d8f8993acc8a895ea2e.exe

    • Size

      313KB

    • MD5

      6b19e5c100db0812ffb7813a1503c05d

    • SHA1

      17032c0b1b056bec3f23786bad5aa17404de3297

    • SHA256

      516b1a67a3aafceadff083854b26512174cbed4d455c5d8f8993acc8a895ea2e

    • SHA512

      fb97bd74aae13cb4d0205cf704300dfc4f0678dcbd07aacc295bc13b666a4bff46f12786c2d37702a7a783e786a6a92df31df37a39ebcaee74d46c58e0c4e27c

    • SSDEEP

      6144:tSS+SfXno/QxiNbuW22FoiU4eAy9i3nzbtvNDNsw:99PqBuW2dHwHxNDNsw

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Reads user/profile data of web browsers

      Infostealers routinely target stored browser profile data, which can include saved credentials, cookies and autofill entries.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Enumerates installed software by reading the entries under the registry Uninstall key (e.g. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall).

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites the register state (including the instruction pointer) of a thread, typically one in a suspended process, so it is the usual way to redirect execution into injected code during process hollowing or thread hijacking.
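
The hashes and the C2 endpoint above are the practical takeaway for a defender, and they are easiest to use when pulled into a structured form and run against what your own telemetry recorded. The following Python is an added example, not part of this sandbox report or of any vendor tooling: it extracts the digests and the ip:port endpoint from the report text, then matches them against a constructed firewall log and a constructed path-to-digest file inventory (both invented for illustration; the indicator values are the ones on the page). A connection to the C2 host on a different port is reported separately from an exact ip:port match, since it is worth a look but does not by itself tie traffic to this family.

```python
"""Retro-hunt for the indicators listed in this report.

Added example; not part of the sandbox report or of any vendor tooling.
The indicator values are copied from the page above. The firewall log lines
and the file inventory below are CONSTRUCTED for illustration.
"""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass, field

# Indicators as they appear on the page (the .bin and the extracted .exe).
REPORT = """
MD5    660914841dc1796982179600f3aaedb3
SHA1   d25e49953a4fd79c57cb19e69575db69f8a7b560
SHA256 31faa8f6ebd1026ef7d66fee4401be89db9d15e18b8a2eb385ce2f476777f8eb
SHA512 805fd25329b8d02e5e428374a6abf50d7c2bf9bb14eb4ec00a96a59ac52b455c52e92aa13c70cfde2159cb85b368849506ca6f02074b434f981df92248e979a5
MD5    6b19e5c100db0812ffb7813a1503c05d
SHA1   17032c0b1b056bec3f23786bad5aa17404de3297
SHA256 516b1a67a3aafceadff083854b26512174cbed4d455c5d8f8993acc8a895ea2e
SHA512 fb97bd74aae13cb4d0205cf704300dfc4f0678dcbd07aacc295bc13b666a4bff46f12786c2d37702a7a783e786a6a92df31df37a39ebcaee74d46c58e0c4e27c
C2     147.45.47.36:30035
"""

# MD5 / SHA-1 / SHA-256 / SHA-512 digests by length. The \b anchors stop a
# 32- or 64-char run from being carved out of the middle of a longer digest.
HEX_RE = re.compile(r"\b([0-9a-f]{128}|[0-9a-f]{64}|[0-9a-f]{40}|[0-9a-f]{32})\b")
# ip:port pairs such as the C2 line (and the endpoints in a firewall log).
ENDPOINT_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\b")


@dataclass
class Indicators:
    hashes: set[str] = field(default_factory=set)
    c2: set[tuple[str, int]] = field(default_factory=set)

    @property
    def c2_hosts(self) -> set[str]:
        return {ip for ip, _ in self.c2}


def extract_indicators(text: str) -> Indicators:
    """Pull file digests and ip:port endpoints out of free-form report text."""
    ind = Indicators()
    ind.hashes.update(HEX_RE.findall(text.lower()))
    for ip, port in ENDPOINT_RE.findall(text):
        try:
            ipaddress.ip_address(ip)  # rejects malformed quads such as 999.1.1.1
        except ValueError:
            continue
        if 0 < int(port) < 65536:
            ind.c2.add((ip, int(port)))
    return ind


def hunt_network(ind: Indicators, log_lines: list[str]) -> list[tuple[str, str, int, str]]:
    """Flag connections to the C2. An exact ip:port hit is a confirmed match;
    traffic to the same host on another port is flagged separately because it
    deserves a look but is not by itself evidence of this family."""
    hits = []
    for line in log_lines:
        for ip, port in ENDPOINT_RE.findall(line):
            port = int(port)
            if (ip, port) in ind.c2:
                hits.append(("c2_exact", ip, port, line))
            elif ip in ind.c2_hosts:
                hits.append(("c2_host_other_port", ip, port, line))
    return hits


def hunt_files(ind: Indicators, inventory: dict[str, str]) -> list[tuple[str, str]]:
    """Match a path -> digest inventory (any of MD5/SHA-1/SHA-256/SHA-512,
    any case) against the report's hashes."""
    return [(path, d) for path, d in inventory.items() if d.lower() in ind.hashes]


# Constructed firewall log, not from the sandbox run (203.0.113.10 is TEST-NET-3).
SAMPLE_FW_LOG = [
    "2024-09-05T12:01:44Z ALLOW tcp 10.0.0.25:51234 -> 147.45.47.36:30035 bytes=1820",
    "2024-09-05T12:01:50Z ALLOW tcp 10.0.0.25:51240 -> 203.0.113.10:443 bytes=5122",
    "2024-09-05T12:02:03Z ALLOW tcp 10.0.0.31:49152 -> 147.45.47.36:443 bytes=330",
]

# Constructed endpoint file inventory (path -> digest), not from the sandbox run.
FILE_INVENTORY = {
    "C:/Users/alice/Downloads/invoice.exe": "516B1A67A3AAFCEADFF083854B26512174CBED4D455C5D8F8993ACC8A895EA2E",
    "C:/Windows/System32/notepad.exe": "0" * 64,
}

if __name__ == "__main__":
    ind = extract_indicators(REPORT)
    for kind, ip, port, _ in hunt_network(ind, SAMPLE_FW_LOG):
        print(kind, ip, port)
    for path, digest in hunt_files(ind, FILE_INVENTORY):
        print("file", path, digest[:12])
```

Run it directly to print the hits. The extraction is deliberately format-agnostic, so the same two regexes pick up digests and endpoints from other reports pasted in as plain text. SSDEEP values are left alone on purpose: fuzzy-hash comparison needs the ssdeep library and yields a similarity score, not an exact indicator, so it does not belong in a hit list of this kind.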

MITRE ATT&CK Enterprise v15

Tasks