General

  • Target: a33f2c76749b47b74f586f4a3c182b2c060f0f2a26ff27b29ffbaf5fb36dee80
  • Size: 140KB
  • Sample: 241106-q4th1szqbx
  • MD5: 3ffffeba2599dcb1ae97990e4bdee322
  • SHA1: 107714b94dac0431b5f012d957466dbd7033fa18
  • SHA256: a33f2c76749b47b74f586f4a3c182b2c060f0f2a26ff27b29ffbaf5fb36dee80
  • SHA512: 6deca438f89d7f118f83fdb2662b1e5db7af52d773708534e1a78ac2fa765a8d69868817f475289622014ceab3987ce45849cfec796bc119390d8af7c831b23d
  • SSDEEP: 3072:cya4ZFAWC5cVv2tRxljEW3D+PPUUOokOaI9pMyWjQ6TVvVBYRlv:cv4qc03QPUXI9pMvjBpE

Malware Config

Extracted

  • Family: redline
  • Botnet: LogsDiller Cloud (TG: @logsdillabot)
  • C2: 213.32.44.120:6254
  • Attributes
      • auth_value: 3a050df92d0cf082b2cdaf87863616be

Targets

    • Target: 013a487ee136477c46706f149fccc14409f7bc0a53060bbfec4fca1ea2b8133b.exe
    • Size: 252KB
    • MD5: eecea8a0d8cf4bb72e7fe29909f78189
    • SHA1: e34ce307cb0d9d4bb0e20109fad273efb3b75a21
    • SHA256: 013a487ee136477c46706f149fccc14409f7bc0a53060bbfec4fca1ea2b8133b
    • SHA512: d458108a23f9ba8fef392fd7dfe3473c331df9066f7cc9fe383b06f27e84ec8cb0b5a2e8f1aeeaf2bfa17ccb8fdfeb5cee13c1c5a1e70519713c92c363967cc6
    • SSDEEP: 6144:jUmnhkRWlYBmweduFyFdG1B8fIu3P3HegxA4c:HnhkRWASZ3vHzxAv

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks