General

  • Target

    f2bb4e90fd8a61c6e8d8195b09acabcdd4c0791c3a152f4f1b7753fb6a93d51c

  • Size

    411KB

  • Sample

    230802-x4fqgsaf5z

  • MD5

    fddd27d4a68bbf8a7e6f403322451160

  • SHA1

    d9cee98522e86a6b217ff98f0572eea8ea1ce29e

  • SHA256

    f2bb4e90fd8a61c6e8d8195b09acabcdd4c0791c3a152f4f1b7753fb6a93d51c

  • SHA512

    d664bb94867130b3f3782a0564b3cee70975cdad6911bee46a4dec1dccdefe479784b88c4776998add60d3fdffb524edf6cea5655d46bf655b0959f6b202340e

  • SSDEEP

    6144:IFI31h9CLVGhUc5JFWy7pCl62RGzyENGjGHPcw:IiTCLIFWaAl6nyLiv

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

51.89.201.49:6932

Attributes
  • auth_value

    3a050df92d0cf082b2cdaf87863616be

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

MITRE ATT&CK Enterprise v15

Tasks