Overview

overview

10

Static

static

1

013a487ee1...3b.exe

windows7-x64

10

013a487ee1...3b.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    04f2eff1dd77312eb9e4dfbebb49e672606cab01

  • Size

    140KB

  • Sample

    241107-qpyt7ashpg

  • MD5

    e2083c9d594cd62c2e8e940f7a65341f

  • SHA1

    04f2eff1dd77312eb9e4dfbebb49e672606cab01

  • SHA256

    3226835cbe186ba029013302f79ac29e14f3f4e35b9cd1eec67c0ca86d5e8adf

  • SHA512

    c316078c14957938a1682d10bbd94d4f4af1c4e8272466c54e11e909210785c80affb65472f2e57d56fc7d07fc8e9e4f0a213e9a220517b0b721c0c857ed2e0e

  • SSDEEP

    3072:SAf5ICDXKiSqZUjb85lqGoxx1OuL1TLRT3kJgfC:Xu9Zvg5UGoMuBv53kJB

Score
10/10
redlinelogsdiller cloud (tg: @logsdillabot)discoveryinfostealer

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

213.32.44.120:6254

Attributes
  • auth_value

    3a050df92d0cf082b2cdaf87863616be

Targets

    • Target

      013a487ee136477c46706f149fccc14409f7bc0a53060bbfec4fca1ea2b8133b.exe

    • Size

      252KB

    • MD5

      eecea8a0d8cf4bb72e7fe29909f78189

    • SHA1

      e34ce307cb0d9d4bb0e20109fad273efb3b75a21

    • SHA256

      013a487ee136477c46706f149fccc14409f7bc0a53060bbfec4fca1ea2b8133b

    • SHA512

      d458108a23f9ba8fef392fd7dfe3473c331df9066f7cc9fe383b06f27e84ec8cb0b5a2e8f1aeeaf2bfa17ccb8fdfeb5cee13c1c5a1e70519713c92c363967cc6

    • SSDEEP

      6144:jUmnhkRWlYBmweduFyFdG1B8fIu3P3HegxA4c:HnhkRWASZ3vHzxAv

    Score
    10/10
    redlinelogsdiller cloud (tg: @logsdillabot)discoveryinfostealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Redline family

      redline

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks