General

  • Target

    34a2b5ec0b1983aa200e34c6e798217401d06debc50a6041b5f4bee7f7709c3b

  • Size

    324KB

  • Sample

    240912-2gy1rszama

  • MD5

    03c684d108487e21586c867a879479fc

  • SHA1

    7fb35d06d76addde6ac57015331c7ce728b7759d

  • SHA256

    34a2b5ec0b1983aa200e34c6e798217401d06debc50a6041b5f4bee7f7709c3b

  • SHA512

    210dfb25e13f44e93d0cfe5837ca5222d815388c92dc00d689da0b56e0e4057103de5597457b8b66d2dd1a193ef31793b5b50fa081a7f8bb296caaa4b447a63a

  • SSDEEP

    6144:Kdb0JQFFuj81Mu8JDCHr0iGu+AKHXsX3luAZGhHbbBqd6q:BJtg1M/CHGAGssAMri

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

77.83.175.241:19849
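The hashes under General and the C2 endpoint extracted above are the indicators a responder actually pivots on. The following is an added example, not part of the sandbox report, showing how to check a file against the report's MD5/SHA1/SHA256/SHA512 in a single pass and how to flag connections to the extracted C2 IP:port in Zeek-style conn.log lines. The IOC values are copied from the report; the file bytes and log lines are constructed for the demo, and the function names are this example's own. SSDEEP is not compared here because computing it needs the third-party ssdeep library rather than the standard library.

```python
"""Match the RedLine indicators from the report against files and connection logs.

Added example, not code from the sandbox report. Only the IOC constants below are
taken from the report; all sample data is constructed.
"""
import hashlib
import io
from typing import Dict, Iterable, List

# Indicators copied from the report.
IOC_HASHES: Dict[str, str] = {
    "md5": "03c684d108487e21586c867a879479fc",
    "sha1": "7fb35d06d76addde6ac57015331c7ce728b7759d",
    "sha256": "34a2b5ec0b1983aa200e34c6e798217401d06debc50a6041b5f4bee7f7709c3b",
    "sha512": "210dfb25e13f44e93d0cfe5837ca5222d815388c92dc00d689da0b56e0e4057103de5597457b8b66d2dd1a193ef31793b5b50fa081a7f8bb296caaa4b447a63a",
}
C2_IP = "77.83.175.241"
C2_PORT = 19849


def hash_stream(fp, chunk_size: int = 1 << 16) -> Dict[str, str]:
    """Compute all four digests in one pass so a large file is read only once."""
    hashers = {name: hashlib.new(name) for name in IOC_HASHES}
    for chunk in iter(lambda: fp.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digests_of_bytes(data: bytes) -> Dict[str, str]:
    """Convenience wrapper for in-memory data (tests, carved buffers)."""
    return hash_stream(io.BytesIO(data))


def matching_digests(data: bytes) -> List[str]:
    """Return the names of the report digests that match; an empty list means no match.
    Comparison is done on lowercase hex so feeds that upper-case hashes do not cause misses."""
    digests = digests_of_bytes(data)
    return [name for name, value in digests.items() if value == IOC_HASHES[name].lower()]


def c2_hits(conn_log: Iterable[str]) -> List[dict]:
    """Scan Zeek conn.log-style TSV lines
    (ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto ...) for traffic to the C2.
    IP and port are required together: the IP alone could be a shared host, and the
    port from the extracted config is what ties the connection to this RedLine build."""
    hits = []
    for line in conn_log:
        if not line.strip() or line.startswith("#"):
            continue  # skip blank lines and Zeek header lines
        fields = line.rstrip("\n").split("\t")
        if len(fields) < 7:
            continue  # malformed or truncated line
        ts, uid, orig_h, orig_p, resp_h, resp_p, proto = fields[:7]
        if resp_h == C2_IP and resp_p.isdigit() and int(resp_p) == C2_PORT:
            hits.append({
                "ts": ts,
                "uid": uid,
                "src": f"{orig_h}:{orig_p}",
                "dst": f"{resp_h}:{resp_p}",
                "proto": proto,
            })
    return hits


# Constructed sample log for a stand-alone run (not taken from the report).
SAMPLE_CONN_LOG = (
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\n"
    "1726178400.101\tCabc1\t10.0.0.15\t51234\t77.83.175.241\t19849\ttcp\n"
    "1726178401.220\tCabc2\t10.0.0.15\t51235\t77.83.175.241\t443\ttcp\n"
    "1726178402.333\tCabc3\t10.0.0.22\t51236\t93.184.216.34\t443\ttcp\n"
)

if __name__ == "__main__":
    # A benign stand-in for a file on disk; it does not match the report hashes.
    print(matching_digests(b"not the sample"))
    for hit in c2_hits(SAMPLE_CONN_LOG.splitlines()):
        print(hit)
```

To run this against a real file, open it in binary mode and pass the handle to `hash_stream`; only a full match on the stronger digests should be treated as confirmation, since MD5 and SHA1 are kept here solely because feeds still publish them.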

Targets

    • Target

      34a2b5ec0b1983aa200e34c6e798217401d06debc50a6041b5f4bee7f7709c3b


    • RedLine

      RedLine Stealer is an information-stealing malware family written in C#, first seen in early 2020. It harvests browser credentials, cookies and autofill data, cryptocurrency wallets and basic host information and sends them to the C2 listed in the extracted config.

    • RedLine payload

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites a suspended thread's registers; outside debuggers it is most often seen when an injected image is started in a child process (process hollowing), so this signature indicates likely unpacking or injection of the final RedLine payload.

MITRE ATT&CK Enterprise v15

Tasks