General

  • Target

    f3d5417adab3fcf3d8f70ed37e7acef0b677ab7907122c7900133ebfa00d8458

  • Size

    312KB

  • Sample

    240911-wsn22svgre

  • MD5

    ab06af28eabd848a572023a76ce875ac

  • SHA1

    80a6338acd08b1c52b008179ed1c43fa6892fac5

  • SHA256

    f3d5417adab3fcf3d8f70ed37e7acef0b677ab7907122c7900133ebfa00d8458

  • SHA512

    1a9ed3fd31a495b4b43f778e0d63bd338c53aea45efe4d51509bdbb067faa74c0d8cc6e1a9908bb020302b8642852e46c0eeccc9b040e6ca2e1499640dca54cb

  • SSDEEP

    6144:yMBav/6NbgdGyUe+nHarbN/sTeZdTCHqbu8uHTQNZxNSlggZ1zz8fkg:xsvWbgdhJ0GZsITg+uRHTQjmlggZ2

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

185.203.241.68:40901
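The extracted config above is only useful once it is turned into validated, machine-readable indicators. The following is an added example (not Triage's code and not part of the original report): it parses an excerpt in the report's own key/value layout, checks that each hash has the right length and that the C2 endpoint is a well-formed address and port, and emits a Suricata rule for the C2. The excerpt is constructed from the values on this page; the rule SID is an arbitrary local-range number and is an assumption.

```python
"""Parse a Triage-style report excerpt into validated IOCs and a Suricata rule.

Added example for this page, not Triage's own code. The key names and layout
follow the report text; the SID (1000001) is an assumed local-range value.
"""
import ipaddress
import re

# Constructed excerpt in the report's layout (values copied from the page above).
REPORT = """\
General
  • Size
    312KB
  • MD5
    ab06af28eabd848a572023a76ce875ac
  • SHA1
    80a6338acd08b1c52b008179ed1c43fa6892fac5
  • SHA256
    f3d5417adab3fcf3d8f70ed37e7acef0b677ab7907122c7900133ebfa00d8458
Malware Config
Extracted
Family
redline
Botnet
LogsDiller Cloud (TG: @logsdillabot)
C2
185.203.241.68:40901
"""

HASH_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
KEYS = {"size", "sample", "md5", "sha1", "sha256", "sha512", "ssdeep",
        "family", "botnet", "c2"}


def parse_report(text):
    """A key line ('• MD5' or a bare 'C2') is followed by its value line; first hit wins."""
    lines = [ln.strip().lstrip("•").strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln]
    found = {}
    for i, ln in enumerate(lines[:-1]):
        key = ln.lower()
        if key in KEYS and key not in found:
            found[key] = lines[i + 1]
    return found


def validate(found):
    """Reject malformed hashes and C2 endpoints instead of blocking on garbage."""
    iocs = {}
    for name, length in HASH_LENGTHS.items():
        value = found.get(name)
        if value is None:
            continue
        if not re.fullmatch(r"[0-9a-f]{%d}" % length, value.lower()):
            raise ValueError(f"{name} is not {length} hex chars: {value!r}")
        iocs[name] = value.lower()
    if "c2" in found:
        host, sep, port = found["c2"].rpartition(":")
        if not sep or not port.isdigit() or not 1 <= int(port) <= 65535:
            raise ValueError(f"bad C2 endpoint: {found['c2']!r}")
        try:
            host, kind = str(ipaddress.ip_address(host)), "ip"
        except ValueError:  # not an IP literal: accept a plain hostname
            if not re.fullmatch(r"[a-z0-9.-]+", host.lower()):
                raise ValueError(f"bad C2 host: {host!r}")
            host, kind = host.lower(), "domain"
        iocs["c2"] = (host, int(port), kind)
    for name in ("family", "botnet", "ssdeep", "size"):
        if name in found:
            iocs[name] = found[name]
    return iocs


def suricata_rule(iocs, sid):
    """IP C2 -> TCP flow rule; domain C2 -> dns.query rule (Suricata 5+ keyword)."""
    host, port, kind = iocs["c2"]
    msg = re.sub(r'[;"\\]', "", f"{iocs.get('family', 'unknown')} C2 {host}:{port}")
    if kind == "ip":
        return (f'alert tcp $HOME_NET any -> {host} {port} (msg:"{msg}"; '
                f'flow:to_server,established; classtype:trojan-activity; '
                f'sid:{sid}; rev:1;)')
    return (f'alert dns $HOME_NET any -> any any (msg:"{msg}"; dns.query; '
            f'content:"{host}"; nocase; classtype:trojan-activity; '
            f'sid:{sid}; rev:1;)')


if __name__ == "__main__":
    iocs = validate(parse_report(REPORT))
    print(iocs)
    print(suricata_rule(iocs, 1000001))
```

The validation step matters because sandbox config extractors occasionally emit truncated hashes or a C2 string with no port; a rule built from such a value would silently match nothing.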

Targets

    • Target

      f3d5417adab3fcf3d8f70ed37e7acef0b677ab7907122c7900133ebfa00d8458

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Suspicious use of SetThreadContext
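"Suspicious use of SetThreadContext" is a behavioural signature: on its own the call is benign (debuggers and runtimes use it), and it only becomes meaningful in the sequence a hollowing loader produces, i.e. a child created suspended, memory written into it, its main thread's context redirected, then the thread resumed. The following added example (not Triage's signature logic) correlates that sequence over an API-call trace and shows that a lone SetThreadContext from another process is not flagged. The trace lines and their field layout (caller pid, API name, key=value arguments, `target=` for the child pid) are constructed assumptions.

```python
"""Correlate a CreateProcess(CREATE_SUSPENDED) -> WriteProcessMemory ->
SetThreadContext -> ResumeThread sequence in an API-call trace.

Added example for this page, not a sandbox's own rule. The trace below is
constructed; its field layout is an assumption.
"""
import re

# Constructed trace: pid 1001 performs the full sequence against child 2244;
# pid 1002 only touches a thread context, as a debugger would.
TRACE = """\
1001 CreateProcessW image=C:\\Windows\\System32\\target.exe dwCreationFlags=0x4 pid=2244
1001 NtUnmapViewOfSection target=2244
1001 VirtualAllocEx target=2244 size=0x4e000 flProtect=0x40
1001 WriteProcessMemory target=2244 size=0x4e000
1001 SetThreadContext target=2244
1001 ResumeThread target=2244
1002 GetThreadContext target=3100
1002 SetThreadContext target=3100
"""

LINE = re.compile(r"^(?P<pid>\d+)\s+(?P<api>\w+)(?P<args>.*)$")
ARG = re.compile(r"(\w+)=(\S+)")
CREATE_SUSPENDED = 0x4                      # dwCreationFlags bit
STEPS = ("WriteProcessMemory", "SetThreadContext", "ResumeThread")


def parse_trace(text):
    """Yield (caller_pid, api, {arg: value}) per well-formed line; skip the rest."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        args = dict(ARG.findall(m.group("args")))
        events.append((int(m.group("pid")), m.group("api"), args))
    return events


def detect_hollowing(events):
    """Return (caller, child) pairs that complete the ordered sequence.

    Tracking starts only when a process is created suspended; each later
    step must name that child via target=, in order. Unrelated calls in
    between are ignored, and SetThreadContext without the preceding
    CreateProcess/WriteProcessMemory never advances any state.
    """
    progress = {}                             # (caller, child) -> next step index
    alerts = []
    for pid, api, args in events:
        if api.startswith("CreateProcess"):
            flags = int(args.get("dwCreationFlags", "0"), 16)
            if flags & CREATE_SUSPENDED and "pid" in args:
                progress[(pid, int(args["pid"]))] = 0
            continue
        if "target" not in args:
            continue
        key = (pid, int(args["target"]))
        if key in progress and api == STEPS[progress[key]]:
            progress[key] += 1
            if progress[key] == len(STEPS):
                alerts.append(key)
                del progress[key]
    return alerts


if __name__ == "__main__":
    for caller, child in detect_hollowing(parse_trace(TRACE)):
        print(f"process hollowing: pid {caller} -> suspended child {child}")
```

When you triage a sandbox run, look for this whole chain in the API log rather than the single SetThreadContext hit; the chain also tells you which process to dump (the child, after ResumeThread) to recover the injected payload.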

MITRE ATT&CK Enterprise v15

Tasks