General

  • Target

    eb695c92750535c6cf48087abd5efbadcf2aa709fe64c34f32524c5800ef2d9f

  • Size

    1.9MB

  • Sample

    241111-dyxx2asclc

  • MD5

    26ed4e759963a6cc01f0fac289132424

  • SHA1

    017c76f7043bf39e0ec21efbd84aea32c86c981c

  • SHA256

    eb695c92750535c6cf48087abd5efbadcf2aa709fe64c34f32524c5800ef2d9f

  • SHA512

    065ce6ad0bebb37011be0f1c5968c21b74c4817410204a85053206bcbbe4075fef4e4657aaae4900a611ff291543cfdf4a021fdae3e9b7b25940af4d91196ae7

  • SSDEEP

    49152:EKDBXouwubtXdr7Xph5999ie8JiMs47nS+OVszsYyMDQbHfSr972:E+wu5tfZh799ieFT+AksYLDQbfst2

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

51.210.137.6:47909

Attributes

  • auth_value

    3a050df92d0cf082b2cdaf87863616be

Targets

    • Target

      95702883e883a7fa3f7f20ecf6713b03cd00469644d777b73f36351db97ef3c2.exe

    • Size

      2.1MB

    • MD5

      d1433f5b2eada044678af57d87ee31e5

    • SHA1

      0493152ee8d18335fa5043be0f80d12331f2ea00

    • SHA256

      95702883e883a7fa3f7f20ecf6713b03cd00469644d777b73f36351db97ef3c2

    • SHA512

      80dcff2d4e4001d8adb4eff0963921e4335c80bde476492996e74762918663bc84627ae9ca73023f75f799143d3101939ce0a599fafa164f9750481e4bb680c2

    • SSDEEP

      49152:V5OaOl3UYvrbFueD40EJbAXOUghn/WsAXZ//t:V59Q3UYvrBusTM8OUgNLY

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks