General

  • Target

    c44148c0f3c14aea282ec116e768f5d3c58a50672d9e4b3867198a34069bf2ae.exe

  • Size

    323KB

  • Sample

    240910-cm98jstdqb

  • MD5

    5ac3358abe03a6faa36599fe785b85b2

  • SHA1

    e79bf35157e110c81a43af2f3b54d7a015f613b3

  • SHA256

    c44148c0f3c14aea282ec116e768f5d3c58a50672d9e4b3867198a34069bf2ae

  • SHA512

    dc64db8b7e6e1f6154f37c6cae0dec3ad1dd3e0a3160951c7e7af8fc943e3bde2573aca6654f73a7818fd74160c87296c6514465acc3013a4e679cf33183ae09

  • SSDEEP

    6144:+7wpoNEo95MvVJDcDkpc1RJsaCAHX0BDQdX82mwM3xy:7poNRWFcDc2CA30pQdXhu3xy

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

45.91.202.63:25415

Targets

    • Target

      c44148c0f3c14aea282ec116e768f5d3c58a50672d9e4b3867198a34069bf2ae.exe

    • Size

      323KB

    • MD5

      5ac3358abe03a6faa36599fe785b85b2

    • SHA1

      e79bf35157e110c81a43af2f3b54d7a015f613b3

    • SHA256

      c44148c0f3c14aea282ec116e768f5d3c58a50672d9e4b3867198a34069bf2ae

    • SHA512

      dc64db8b7e6e1f6154f37c6cae0dec3ad1dd3e0a3160951c7e7af8fc943e3bde2573aca6654f73a7818fd74160c87296c6514465acc3013a4e679cf33183ae09

    • SSDEEP

      6144:+7wpoNEo95MvVJDcDkpc1RJsaCAHX0BDQdX82mwM3xy:7poNRWFcDc2CA30pQdXhu3xy

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks