General

  • Target

    2ec15fc6c4dfa14162599fd7d46a8c513280ab7dc3a2bb5d7d279f7a10a96697

  • Size

    1.6MB

  • Sample

    240912-2gqdmaydnn

  • MD5

    84696a854747864cc51653cb5d843a2a

  • SHA1

    ddf0349094531296a340d66d7d7f0bf76df311f5

  • SHA256

    2ec15fc6c4dfa14162599fd7d46a8c513280ab7dc3a2bb5d7d279f7a10a96697

  • SHA512

    d7ec6ad635e44d1824a965ccab4722aa9c32e462843f89cfb1bd794d915fefd4c567bf1a8bba890eafbf891658f2f0d9dd351991bafbe642a35442afebc0ddca

  • SSDEEP

    49152:V5OneYHloH3HlcGbDss/fvpvJuUHOi0i7hQ5:V5eeYHa1c6DssxU6OXi7e

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

45.91.202.63:25415

Targets

    • Target

      2ec15fc6c4dfa14162599fd7d46a8c513280ab7dc3a2bb5d7d279f7a10a96697

    • Size

      1.6MB

    • MD5

      84696a854747864cc51653cb5d843a2a

    • SHA1

      ddf0349094531296a340d66d7d7f0bf76df311f5

    • SHA256

      2ec15fc6c4dfa14162599fd7d46a8c513280ab7dc3a2bb5d7d279f7a10a96697

    • SHA512

      d7ec6ad635e44d1824a965ccab4722aa9c32e462843f89cfb1bd794d915fefd4c567bf1a8bba890eafbf891658f2f0d9dd351991bafbe642a35442afebc0ddca

    • SSDEEP

      49152:V5OneYHloH3HlcGbDss/fvpvJuUHOi0i7hQ5:V5eeYHa1c6DssxU6OXi7e

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • .NET Reactor protector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates processes with tasklist
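The C2 extracted from the configuration and the behaviours listed above can be turned into a hunt over endpoint telemetry. The following is an added example, not part of the sandbox report and not RedLine's own code: the pipe-delimited event format, the registry and file path patterns, the scoring threshold and the sample events are constructed assumptions for illustration; the C2 address is the one extracted in the report above.

```python
"""Hunt for the report's C2 and stealer behaviours in constructed endpoint events.

Event line format (an assumption, not a real EDR schema):
    timestamp|event_type|pid|image|detail
For ProcessCreate the pid is the *parent* and detail is the child image,
so the behaviour is attributed to the process that spawned tasklist.
"""
import re
from collections import defaultdict

# Indicator copied from the report's extracted config.
C2 = "45.91.202.63:25415"

# (behaviour as named in the report, event type, regex over the detail field).
# The path and key patterns are assumptions chosen to mirror the report's
# behaviour descriptions; tune them to your own telemetry.
RULES = [
    ("C2 connection", "NetworkConnect", re.compile(re.escape(C2) + r"$")),
    ("Checks installed software (Uninstall key)", "RegistryQuery",
     re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall", re.I)),
    ("Enumerates processes with tasklist", "ProcessCreate",
     re.compile(r"\\tasklist\.exe$", re.I)),
    ("Reads browser credential store", "FileRead",
     re.compile(r"\\User Data\\[^\\]+\\Login Data$", re.I)),
    ("Accesses cryptocurrency wallet", "FileRead",
     re.compile(r"\\(wallet\.dat|Exodus|Electrum)\b", re.I)),
]

# Constructed sample telemetry: pid 4242 mimics the report's behaviour chain,
# pids 1180 and 2200 are benign processes that trigger a single weak rule each.
SAMPLE_EVENTS = [
    "2024-09-12T20:01:03|ProcessCreate|4242|C:\\Users\\u\\Downloads\\Setup.exe|C:\\Windows\\System32\\tasklist.exe",
    "2024-09-12T20:01:04|RegistryQuery|4242|C:\\Users\\u\\Downloads\\Setup.exe|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall",
    "2024-09-12T20:01:05|FileRead|4242|C:\\Users\\u\\Downloads\\Setup.exe|C:\\Users\\u\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data",
    "2024-09-12T20:01:06|FileRead|4242|C:\\Users\\u\\Downloads\\Setup.exe|C:\\Users\\u\\AppData\\Roaming\\Bitcoin\\wallet.dat",
    "2024-09-12T20:01:09|NetworkConnect|4242|C:\\Users\\u\\Downloads\\Setup.exe|45.91.202.63:25415",
    "2024-09-12T20:03:10|RegistryQuery|1180|C:\\Windows\\System32\\msiexec.exe|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{A1B2}",
    "2024-09-12T20:04:00|ProcessCreate|2200|C:\\Windows\\System32\\cmd.exe|C:\\Windows\\System32\\tasklist.exe",
]


def parse_event(line: str) -> dict:
    """Split one constructed event line into its fields."""
    ts, etype, pid, image, detail = line.split("|", 4)
    return {"ts": ts, "type": etype, "pid": int(pid), "image": image, "detail": detail}


def match_rules(event: dict) -> list:
    """Return the names of every rule the event satisfies."""
    return [name for name, etype, pat in RULES
            if event["type"] == etype and pat.search(event["detail"])]


def score_processes(lines) -> dict:
    """Map pid -> distinct behaviours observed, in first-seen order."""
    hits = defaultdict(list)
    for line in lines:
        ev = parse_event(line)
        for name in match_rules(ev):
            if name not in hits[ev["pid"]]:
                hits[ev["pid"]].append(name)
    return dict(hits)


def suspicious(lines, min_behaviours: int = 3) -> dict:
    """A C2 contact alone is decisive; otherwise require several of the weaker
    behaviours from the same process, because a lone Uninstall-key read or
    tasklist call is routine for installers and admin scripts."""
    flagged = {}
    for pid, names in score_processes(lines).items():
        if "C2 connection" in names or len(names) >= min_behaviours:
            flagged[pid] = names
    return flagged


if __name__ == "__main__":
    for pid, names in suspicious(SAMPLE_EVENTS).items():
        print(pid, "->", ", ".join(names))
```

The threshold logic is the important part: the registry and tasklist behaviours in the report are individually noisy, so they only contribute to a verdict when they cluster in one process or co-occur with a hard indicator such as the extracted C2.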

MITRE ATT&CK Enterprise v15

Tasks