General

  • Target

    65bb6281d63ad091f8b6b4d0c460d9d6c1631fe141fe15b23dc6d23a41e094ad

  • Size

    324KB

  • Sample

    240905-t9yxgawbpd

  • MD5

    e600b6015b0312b52214f459fcc6f3c2

  • SHA1

    0e763e33524e467b46d27e5f0603cd2165c47fed

  • SHA256

    65bb6281d63ad091f8b6b4d0c460d9d6c1631fe141fe15b23dc6d23a41e094ad

  • SHA512

    b1c1a68128c2cd75df9cb1d890358fd6bb85d9a62288468a19db3295cc25e6cb97c05fa0b5bc3b1dd2b88bd39b343ce5cd1494ca8ab56352c1e375e88fe7e464

  • SSDEEP

    6144:sPP5QJyXEJZq77hQ8ed1oBj32nQumiUdfg+CYnDNMhXYGenCnaW1qMJyky:cGJyX2EdQ8ed1K+Yfg+DDGYn4aW1TJyD

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

147.45.47.36:30035

Targets

    • Target

      65bb6281d63ad091f8b6b4d0c460d9d6c1631fe141fe15b23dc6d23a41e094ad

    • Size

      324KB

    • MD5

      e600b6015b0312b52214f459fcc6f3c2

    • SHA1

      0e763e33524e467b46d27e5f0603cd2165c47fed

    • SHA256

      65bb6281d63ad091f8b6b4d0c460d9d6c1631fe141fe15b23dc6d23a41e094ad

    • SHA512

      b1c1a68128c2cd75df9cb1d890358fd6bb85d9a62288468a19db3295cc25e6cb97c05fa0b5bc3b1dd2b88bd39b343ce5cd1494ca8ab56352c1e375e88fe7e464

    • SSDEEP

      6144:sPP5QJyXEJZq77hQ8ed1oBj32nQumiUdfg+CYnDNMhXYGenCnaW1qMJyky:cGJyX2EdQ8ed1K+Yfg+DDGYn4aW1TJyD

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks