redline | 330b91473f27721d99e11cde67a05631aefcac78b6b69fc7b6bb61bd053ddbe6 | Triage

Sharing

General

Target

330b91473f27721d99e11cde67a05631aefcac78b6b69fc7b6bb61bd053ddbe6.exe
Size

314KB
Sample

240927-bjvg9axdrq
MD5

2cfc1aa34c34f4968b099aa7646097a5
SHA1

8f0474e95ebd679be59eb2c002056bef9361305c
SHA256

330b91473f27721d99e11cde67a05631aefcac78b6b69fc7b6bb61bd053ddbe6
SHA512

81a4b338cf5a931e7a24c5de37069aec288cfbdd5f94895c470bef2f3407eea3e1046d5072e690430288719560baa4d63f21b89876c07d63811b5da3a9611e81
SSDEEP

6144:89ecSWylbPXlZctxOTyORbnRRX8LC3V7/9rQxf08+LFYM:89eDNvcqT9Z7WC5/9ES8y

Score

10^/10

redline logsdiller cloud (tg: @logsdillabot)discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

91.211.248.215:24327

Targets

- Target
  
  330b91473f27721d99e11cde67a05631aefcac78b6b69fc7b6bb61bd053ddbe6.exe
- Size
  
  314KB
- MD5
  
  2cfc1aa34c34f4968b099aa7646097a5
- SHA1
  
  8f0474e95ebd679be59eb2c002056bef9361305c
- SHA256
  
  330b91473f27721d99e11cde67a05631aefcac78b6b69fc7b6bb61bd053ddbe6
- SHA512
  
  81a4b338cf5a931e7a24c5de37069aec288cfbdd5f94895c470bef2f3407eea3e1046d5072e690430288719560baa4d63f21b89876c07d63811b5da3a9611e81
- SSDEEP
  
  6144:89ecSWylbPXlZctxOTyORbnRRX8LC3V7/9rQxf08+LFYM:89eDNvcqT9Z7WC5/9ES8y
Score

10^/10

redline logsdiller cloud (tg: @logsdillabot)discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinelogsdiller cloud (tg: @logsdillabot)discoveryinfostealerspywarestealer

behavioral2

redlinelogsdiller cloud (tg: @logsdillabot)discoveryinfostealerspywarestealer