Overview

overview

10

Static

static

3

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    95e3b81574e6cbbd2efa792b1d4aadf9acfd6514e469b1e15eae7988f050cf2e

  • Size

    894KB

  • Sample

    240919-2kwd2svbrg

  • MD5

    826eb90d730bf03e39d78daa585364bc

  • SHA1

    d139eee9235e1f997ef14f014c7fbc3dd3b36a03

  • SHA256

    95e3b81574e6cbbd2efa792b1d4aadf9acfd6514e469b1e15eae7988f050cf2e

  • SHA512

    c5e50071603a0f7f8e27098a7272f8fa9d987c6daba1104890afa354f1c2ba506c2476911e306d0bae99772159f2462b3f61e844b608b1e1ea0463df22a33d42

  • SSDEEP

    24576:0NA3R5drX/WfwOauc1XayZWtTHOB8nDFQXi7hQHX:V5OfwOg1KyMHOi0i7hQ3

Score
10/10
redlinelogsdiller cloud (tg: @logsdillabot)credential_accessdiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

193.233.255.84:4284

Targets

    • Target

      95e3b81574e6cbbd2efa792b1d4aadf9acfd6514e469b1e15eae7988f050cf2e

    • Size

      894KB

    • MD5

      826eb90d730bf03e39d78daa585364bc

    • SHA1

      d139eee9235e1f997ef14f014c7fbc3dd3b36a03

    • SHA256

      95e3b81574e6cbbd2efa792b1d4aadf9acfd6514e469b1e15eae7988f050cf2e

    • SHA512

      c5e50071603a0f7f8e27098a7272f8fa9d987c6daba1104890afa354f1c2ba506c2476911e306d0bae99772159f2462b3f61e844b608b1e1ea0463df22a33d42

    • SSDEEP

      24576:0NA3R5drX/WfwOauc1XayZWtTHOB8nDFQXi7hQHX:V5OfwOg1KyMHOi0i7hQ3

    Score
    10/10
    redlinelogsdiller cloud (tg: @logsdillabot)credential_accessdiscoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • .NET Reactor proctector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks