General

  • Target

    0b6cd2b1e18193ba33edbd6a3fc464a6e302f0da7f881dd48aedbf6ba993aa32

  • Size

    312KB

  • Sample

    240912-2fgp4aycpr

  • MD5

    db1fbaf680dc245b486db86fa852f655

  • SHA1

    355caa80363bc44607efcce4c64d3752a0edf286

  • SHA256

    0b6cd2b1e18193ba33edbd6a3fc464a6e302f0da7f881dd48aedbf6ba993aa32

  • SHA512

    ec923d035cd6d608315c7a7dbd3ffd66afea22dace6f0854e7e97346ca758f6344c32a6a7336e9fd1506207bdee1e408f4a328b7671c7d9248a64e8a56c2e840

  • SSDEEP

    6144:ebVv6RXCrNabG9wcT7XVwBIQv6B2M4m2FxHrkRQyczK+VcpKTCcTj:ebGXCNXX1wus6B2Mo1mKcFcT

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

45.91.202.63:25415

Targets

    • Target

      0b6cd2b1e18193ba33edbd6a3fc464a6e302f0da7f881dd48aedbf6ba993aa32

    • Size

      312KB

    • MD5

      db1fbaf680dc245b486db86fa852f655

    • SHA1

      355caa80363bc44607efcce4c64d3752a0edf286

    • SHA256

      0b6cd2b1e18193ba33edbd6a3fc464a6e302f0da7f881dd48aedbf6ba993aa32

    • SHA512

      ec923d035cd6d608315c7a7dbd3ffd66afea22dace6f0854e7e97346ca758f6344c32a6a7336e9fd1506207bdee1e408f4a328b7671c7d9248a64e8a56c2e840

    • SSDEEP

      6144:ebVv6RXCrNabG9wcT7XVwBIQv6B2M4m2FxHrkRQyczK+VcpKTCcTj:ebGXCNXX1wus6B2Mo1mKcFcT

    • RedLine

      RedLine Stealer is an information-stealing malware family written in C# that first appeared in early 2020; it is sold as a service and typically exfiltrates browser credentials, cookies, and wallet data to an operator-configured C2 such as the one extracted above.

    • RedLine payload

    • Suspicious use of SetThreadContext (a Win32 API commonly abused for process hollowing and other thread-hijacking injection; the decrypted RedLine payload is normally run inside a hollowed host process)
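The following Python script is an added example, not part of the sandbox report and not the analysis platform's own tooling. It takes the digests and the C2 endpoint listed above and does the two things an analyst usually wants first: confirm that a file on disk is really this sample (all four digests must agree, not just MD5), and scan a connection log for traffic to the C2 on the exact port. The log line layout, the placeholder file bytes and the log entries are constructed for the example and are not from the report.

```python
import hashlib
from typing import Dict, Iterable, List, Tuple

# Indicators copied verbatim from the report above.
REPORT_HASHES: Dict[str, str] = {
    "md5": "db1fbaf680dc245b486db86fa852f655",
    "sha1": "355caa80363bc44607efcce4c64d3752a0edf286",
    "sha256": "0b6cd2b1e18193ba33edbd6a3fc464a6e302f0da7f881dd48aedbf6ba993aa32",
    "sha512": "ec923d035cd6d608315c7a7dbd3ffd66afea22dace6f0854e7e97346ca758f6344c32a6a7336e9fd1506207bdee1e408f4a328b7671c7d9248a64e8a56c2e840",
}
REPORT_C2 = "45.91.202.63:25415"


def parse_c2(c2: str) -> Tuple[str, int]:
    """Split the extracted 'ip:port' C2 string into (ip, port)."""
    host, _, port = c2.rpartition(":")
    return host, int(port)


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute every digest the report lists for the given file content."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORT_HASHES}


def compare_with_report(data: bytes) -> Dict[str, bool]:
    """Per algorithm, True when the local digest equals the reported one.

    Checking all four guards against a typo in one copied hash and against
    a file that only collides on MD5.
    """
    local = hash_bytes(data)
    return {algo: local[algo] == REPORT_HASHES[algo].lower() for algo in REPORT_HASHES}


def find_c2_connections(conn_lines: Iterable[str], c2: str = REPORT_C2) -> List[str]:
    """Return the log lines whose destination is exactly the C2 ip:port.

    Assumed (constructed) line layout, space separated:
        <timestamp> <src_ip> <src_port> <dst_ip> <dst_port> <proto>
    Matching on IP *and* port avoids flagging unrelated services on the
    same host; the port is what distinguishes RedLine panels on shared IPs.
    """
    host, port = parse_c2(c2)
    hits: List[str] = []
    for line in conn_lines:
        fields = line.split()
        if len(fields) < 6:
            continue  # malformed or truncated line, skip it
        dst_ip, dst_port = fields[3], fields[4]
        if dst_ip == host and dst_port.isdigit() and int(dst_port) == port:
            hits.append(line)
    return hits


# Constructed sample input: placeholder bytes that are NOT the real binary, and a
# hand-made connection log with one true hit and two near-misses (same host on
# another port, neighbouring host on the C2 port).
SAMPLE_BYTES = b"constructed placeholder, not the RedLine sample\n"
SAMPLE_CONN_LOG = [
    "2024-09-12T20:05:01Z 10.0.0.15 51322 45.91.202.63 25415 tcp",
    "2024-09-12T20:05:02Z 10.0.0.15 51323 45.91.202.63 443 tcp",
    "2024-09-12T20:05:03Z 10.0.0.16 51324 45.91.202.64 25415 tcp",
    "garbage line",
]

if __name__ == "__main__":
    print("hash match:", compare_with_report(SAMPLE_BYTES))
    for hit in find_c2_connections(SAMPLE_CONN_LOG):
        print("C2 hit:", hit)
```

To check a real file, read it in binary mode and pass the bytes to `compare_with_report`; a True for every algorithm means the file is byte-identical to the analysed sample. SSDEEP is deliberately left out because it needs a non-standard-library module and is a similarity score, not an identity check.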

MITRE ATT&CK Enterprise v15

Tasks