General

  • Target

    b6c12a25d818dde41b6b677104f2f3de495a8175af811b5a71fc91e43c12c3fc

  • Size

    1.7MB

  • Sample

    240910-xg1r5syhkm

  • MD5

    979d8a371c97ed8f2438e6809064dcd9

  • SHA1

    56b6b7eb3a1d2a9fdf2c7cbc5a253b72adcf5a29

  • SHA256

    b6c12a25d818dde41b6b677104f2f3de495a8175af811b5a71fc91e43c12c3fc

  • SHA512

    64c776cd89299beb89792ce05514150086ea05344a7917533b10b9bdf11330cf0d3fbf0d169b9d382b3020ad363d23490d7b2c32b67a43ca79d646aa0d37e576

  • SSDEEP

    24576:0NA3R5drX/Wf1eYHpjovAA3HlaPnGAYh5stet5h52sKMJgvW69EvJuok0h8Rx59U:V5O9eYHloH3HlcGbDss/fvpvJuWiXU

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

45.91.202.63:25415

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • .NET Reactor protector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates processes with tasklist
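
A way to turn the indicators above (the extracted C2, the sample hash, and the registry and process behaviours) into a triage check, as an added example that is not part of the sandbox report. It parses constructed key=value telemetry lines (not real capture data), tags each process with the rules it triggers, and separates strong indicators (the C2 endpoint, the hash) from weak ones (Uninstall-key enumeration, tasklist, the country-code lookup) that benign software also produces. The log format, the rule names and the exact registry key paths are assumptions; the report names the behaviours but not the keys it matched.

```python
import re
from collections import defaultdict

# Indicators copied from the report above (family: RedLine).
SAMPLE_SHA256 = "b6c12a25d818dde41b6b677104f2f3de495a8175af811b5a71fc91e43c12c3fc"
C2_HOST, C2_PORT = "45.91.202.63", "25415"

# Registry locations behind the report's behavioural signatures.
# ASSUMPTION: the report names the behaviours, not the exact keys; these are
# the standard Windows locations for the country code and installed software.
GEO_KEY_SUFFIX = r"control panel\international\geo\nation"
UNINSTALL_KEY = r"\currentversion\uninstall"

# Strong rules identify this sample; weak rules are common in benign software.
STRONG = {"redline_c2_connection", "known_sample_hash"}
WEAK = {"geo_nation_lookup", "uninstall_enum", "tasklist_spawn"}

# Constructed telemetry (not from the report): one key=value event per line.
SAMPLE_LOG = r"""
type=net pid=4120 image=C:\Users\victim\AppData\Local\Temp\setup.exe dst=45.91.202.63 dport=25415
type=net pid=812 image=C:\Windows\System32\svchost.exe dst=13.107.4.52 dport=443
type=file pid=4120 image=C:\Users\victim\AppData\Local\Temp\setup.exe sha256=B6C12A25D818DDE41B6B677104F2F3DE495A8175AF811B5A71FC91E43C12C3FC
type=reg pid=4120 image=C:\Users\victim\AppData\Local\Temp\setup.exe key=HKCU\Control Panel\International\Geo\Nation
type=reg pid=4120 image=C:\Users\victim\AppData\Local\Temp\setup.exe key=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
type=proc pid=4120 image=C:\Users\victim\AppData\Local\Temp\setup.exe cmdline=tasklist /v
type=reg pid=2200 image=C:\Program Files\Updater\updater.exe key=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater
type=proc pid=2200 image=C:\Program Files\Updater\updater.exe cmdline=tasklist /fi "imagename eq updater.exe"
"""

# A value runs until the next " key=" token, so paths and command lines may contain spaces.
KV_RE = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")


def parse_event(line):
    """Parse one key=value line into a dict."""
    return dict(KV_RE.findall(line.strip()))


def classify_event(ev):
    """Return the set of rule names one parsed event triggers."""
    rules = set()
    kind = ev.get("type")
    if kind == "net" and ev.get("dst") == C2_HOST and ev.get("dport") == C2_PORT:
        rules.add("redline_c2_connection")
    if kind == "file" and ev.get("sha256", "").lower() == SAMPLE_SHA256:
        rules.add("known_sample_hash")
    if kind == "reg":
        key = ev.get("key", "").lower()
        if key.endswith(GEO_KEY_SUFFIX):
            rules.add("geo_nation_lookup")
        if UNINSTALL_KEY in key:
            rules.add("uninstall_enum")
    if kind == "proc":
        argv0 = ev.get("cmdline", "").split(" ", 1)[0].lower()
        if argv0.rsplit("\\", 1)[-1] in ("tasklist", "tasklist.exe"):
            rules.add("tasklist_spawn")
    return rules


def scan(log_text):
    """Collect the rules triggered by each pid across all events in log_text."""
    by_pid = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        rules = classify_event(ev)
        if rules:
            by_pid[ev["pid"]] |= rules
    return dict(by_pid)


def verdict(rules):
    """Any strong rule confirms the sample; weak rules alone only warrant review."""
    if rules & STRONG:
        return "confirmed"
    if len(rules & WEAK) >= 2:
        return "suspicious"
    return "none"


if __name__ == "__main__":
    for pid, rules in sorted(scan(SAMPLE_LOG).items()):
        print(pid, verdict(rules), sorted(rules))
```

The constructed updater process (pid 2200) trips two of the weak rules and is rated only "suspicious": enumerating the Uninstall key and spawning tasklist are routine for installers and update agents, so the C2 endpoint and the file hash are the indicators to alert on, with the behavioural rules as supporting context.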

MITRE ATT&CK Enterprise v15

Tasks