General

  • Target

    11506bb939332f58920d0a3c8ad1c5c2.bin

  • Size

    309KB

  • Sample

    240914-bc29hszajg

  • MD5

    0a8571436d4b2246fb2d5337713e23dc

  • SHA1

    b2a37c4abe8828fe375f13bd2ea9eb3b31c71298

  • SHA256

    a54d2ae32c945c019797c2ae59603eca6804b932c9e1751669f64e4ea7a5c45e

  • SHA512

    3a4e65a14b0e0307198c21149a2efb899cdbeb6ecda3902d209ca8c8a41454d1889842188dd06c054ff5cbe926083436ca0352848adf5c9599b67a5a36feb6c7

  • SSDEEP

    6144:f+Ljmd3Xto+HWBQxR0xeUsuuFxN6tgKl9xbHzn0Wk9VOdM5/KA99pHWLcwCZ+8:WveHAmRweUf6B9VWMpKwXZ+8

Malware Config

  • Extracted

    • Family

      redline

    • Botnet

      LogsDiller Cloud (TG: @logsdillabot)

    • C2

      185.203.241.68:40901

Targets

    • Target

      4ed6d72fef68c583439e803871226e76588ce6436d10362011b21763e0ccf176.exe

    • Size

      313KB

    • MD5

      11506bb939332f58920d0a3c8ad1c5c2

    • SHA1

      84a51f6e540a74df7cba44454d162fdaefebc0e5

    • SHA256

      4ed6d72fef68c583439e803871226e76588ce6436d10362011b21763e0ccf176

    • SHA512

      ae52f9c23d8602f5d0124690ba271725b6c05abe96fc653c6fd9e701931c4b06c7ba085b3731866367d28f3013c01ba902f200a4ab7451ae162cfa6a7356450a

    • SSDEEP

      6144:bcpDFLyc58oYip9to/FgQmfy0uOlxyRyr2Y7ND6:bADY08oYip9tot2rlwRyy+

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks