redline | 15f4c5bbcd58e588f1dcccc7983c0278a2547196a61947645ea6eace938e3e51 | Triage

Submit
Reports

Overview

overview

Static

static

3

6d17c9629d...fc.exe

windows7-x64

6d17c9629d...fc.exe

windows10-2004-x64

Sharing

General

Target

15f4c5bbcd58e588f1dcccc7983c0278a2547196a61947645ea6eace938e3e51
Size

2.0MB
Sample

241105-nvvnlssqen
MD5

af046960403a6538b7b7b156744581a1
SHA1

16fadcc7f649e92e4999ee032260754bf7528861
SHA256

15f4c5bbcd58e588f1dcccc7983c0278a2547196a61947645ea6eace938e3e51
SHA512

9a853d7c937d2fa24b67fd6493e5932622276384edc8e26d75954349605fbd690548cae0c5b8bd247c16ef14759e20923d5cb7b1dc569a1f9da00e186f89f9fc
SSDEEP

49152:VUXDhFGTWNwgndZMSbkkpwdtv2DmfqDbztbw33eRzAePLixLs37n+I:V4X1NbndOdkpwL2U8bztbwH+z7LiZeH

Score

10^/10

redline logsdiller cloud (tg: @logsdillabot)discovery infostealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

6d17c9629d39d317e000a48b9d9fb59ec31e3bc97b84b114170d6b62c3ba1cfc.exe

Resource

win7-20241010-en

redline logsdiller cloud (tg: @logsdillabot)discovery infostealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

6d17c9629d39d317e000a48b9d9fb59ec31e3bc97b84b114170d6b62c3ba1cfc.exe

Resource

win10v2004-20241007-en

redline logsdiller cloud (tg: @logsdillabot)discovery infostealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

51.210.137.6:47909

Attributes

auth_value
3a050df92d0cf082b2cdaf87863616be

Targets

- Target
  
  6d17c9629d39d317e000a48b9d9fb59ec31e3bc97b84b114170d6b62c3ba1cfc.exe
- Size
  
  2.2MB
- MD5
  
  cc3b838c63e0b872e8d82e907e327870
- SHA1
  
  329cd955e1d242cefbf122e3c68c3b35fb74d96f
- SHA256
  
  6d17c9629d39d317e000a48b9d9fb59ec31e3bc97b84b114170d6b62c3ba1cfc
- SHA512
  
  e27785e788de4d44ca1717e2ace0a61d0e3c66da3ffac657885e4a85e4354697f6d9ed51ac1a7bf4f10482c6b7a1ffe5f5a6f434d065686b9c275e8c6eacc9fd
- SSDEEP
  
  49152:V5O4DcuKF5i8avmG9OAhZVyMIdLTPf4Ut3qUqO6m:V5NRyG95ZgRdLTPf43rq
Score

10^/10

redline logsdiller cloud (tg: @logsdillabot)discovery infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinelogsdiller cloud (tg: @logsdillabot)discoveryinfostealer

behavioral2

redlinelogsdiller cloud (tg: @logsdillabot)discoveryinfostealer

© 2018-2025

Terms | Privacy