General

  • Target

    4ccc7f04823d8d6e65ebda49f53727bf0393d08939a7f0276d412889559836bb

  • Size

    408KB

  • Sample

    230802-yzf15ahf97

  • MD5

    3ca71348edb8c6926423ba490ce62f50

  • SHA1

    27fb045d37237e11e4ff8e4630935822ad173e1d

  • SHA256

    4ccc7f04823d8d6e65ebda49f53727bf0393d08939a7f0276d412889559836bb

  • SHA512

    f842edfc8c28fd01300dd88c012e2a484bcdaaa626502ebcd7d86d0f2934ef9b165f424eed735ddf14cf167a04fcfe21b72401b68a7b163f2a10d9afc9873f3f

  • SSDEEP

    6144:CCQF0M311JdLEeCmpAi2dNQsUbhNDXQTwhwj7V:C93FrdLImpAiUNQschtAPjZ

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

51.89.201.49:6932

Attributes
  • auth_value

    3a050df92d0cf082b2cdaf87863616be
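The config block above is the actionable part of this report. The following added example (not sandbox output and not RedLine's own code) turns it into indicators: it parses the C2 entry, hunts for it in constructed Zeek conn.log records, searches a constructed memory dump for the auth_value in both ASCII and UTF-16LE, and checks candidate bytes against the report's digests. The conn.log column layout, the benign addresses (203.0.113.x, 10.0.0.x), the connection records and the dump contents are assumptions made for the example.

```python
"""Indicators from the extracted RedLine config in this report, applied to
constructed logs. Added example; not sandbox output or RedLine's own code."""
import hashlib
import ipaddress
from dataclasses import dataclass

# Copied from the Malware Config and General sections of the report.
EXTRACTED_CONFIG = {
    "family": "redline",
    "c2": ["51.89.201.49:6932"],
    "auth_value": "3a050df92d0cf082b2cdaf87863616be",
}
REPORT_HASHES = {
    "md5": "3ca71348edb8c6926423ba490ce62f50",
    "sha1": "27fb045d37237e11e4ff8e4630935822ad173e1d",
    "sha256": "4ccc7f04823d8d6e65ebda49f53727bf0393d08939a7f0276d412889559836bb",
}


@dataclass(frozen=True)
class C2Endpoint:
    ip: str
    port: int


def parse_c2(entries):
    """Parse 'ip:port' strings; fail loudly on a malformed entry rather than skip it."""
    out = []
    for entry in entries:
        host, sep, port = entry.rpartition(":")
        if not sep or not port.isdigit():
            raise ValueError(f"unparseable C2 entry: {entry!r}")
        out.append(C2Endpoint(str(ipaddress.ip_address(host)), int(port)))
    return out


# Minimal Zeek conn.log column set (assumed); the four records are constructed.
ZEEK_CONN_FIELDS = ["ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p", "proto"]
SAMPLE_CONN_LOG = (
    "1690980000.001\tCsa1\t10.0.0.15\t49712\t51.89.201.49\t6932\ttcp\n"
    "1690980001.204\tCsa2\t10.0.0.15\t49713\t203.0.113.7\t443\ttcp\n"
    "1690980002.880\tCsa3\t10.0.0.22\t51001\t51.89.201.49\t443\ttcp\n"
    "1690980003.110\tCsa4\t10.0.0.9\t52110\t51.89.201.49\t6932\ttcp\n"
)


def hunt_conn_log(text, endpoints):
    """Return (uid, originator) for each connection whose responder is a C2 ip:port.
    Matching on ip AND port keeps unrelated traffic to the same host (Csa3) out."""
    wanted = {(ep.ip, ep.port) for ep in endpoints}
    hits = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        rec = dict(zip(ZEEK_CONN_FIELDS, line.split("\t")))
        if (rec["id.resp_h"], int(rec["id.resp_p"])) in wanted:
            hits.append((rec["uid"], rec["id.orig_h"]))
    return hits


def find_in_dump(blob, needle):
    """Offset of a config string in a raw memory dump, checked as ASCII and as
    UTF-16LE: .NET keeps strings as UTF-16 in memory, so an ASCII-only grep can miss them."""
    return {enc: blob.find(needle.encode(enc)) for enc in ("ascii", "utf-16-le")}


def compute_hashes(data):
    """Digests of the supplied bytes for each algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data):
    """Which of the report's digests the supplied bytes reproduce."""
    return {name: digest == REPORT_HASHES[name] for name, digest in compute_hashes(data).items()}


if __name__ == "__main__":
    c2 = parse_c2(EXTRACTED_CONFIG["c2"])
    print("C2 hits:", hunt_conn_log(SAMPLE_CONN_LOG, c2))
    # Constructed dump: 16 bytes of padding, then the auth_value as a .NET (UTF-16LE) string.
    dump = b"\x00" * 16 + EXTRACTED_CONFIG["auth_value"].encode("utf-16-le") + b"\x00junk"
    print("auth_value offsets:", find_in_dump(dump, EXTRACTED_CONFIG["auth_value"]))
    print("constructed bytes match report:", matches_report(b"not the sample"))
```

The port is part of the match on purpose: a single IP can host more than one service, and the report pins the C2 to 51.89.201.49:6932, so an IP-only rule would over-fire (record Csa3) while the ip:port pair would not. The UTF-16LE search matters for memory and process dumps of this sample, where the ASCII form of the auth_value is unlikely to appear.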

Targets

    • Target

      4ccc7f04823d8d6e65ebda49f53727bf0393d08939a7f0276d412889559836bb

    • Size

      408KB

    • MD5

      3ca71348edb8c6926423ba490ce62f50

    • SHA1

      27fb045d37237e11e4ff8e4630935822ad173e1d

    • SHA256

      4ccc7f04823d8d6e65ebda49f53727bf0393d08939a7f0276d412889559836bb

    • SHA512

      f842edfc8c28fd01300dd88c012e2a484bcdaaa626502ebcd7d86d0f2934ef9b165f424eed735ddf14cf167a04fcfe21b72401b68a7b163f2a10d9afc9873f3f

    • SSDEEP

      6144:CCQF0M311JdLEeCmpAi2dNQsUbhNDXQTwhwj7V:C93FrdLImpAiUNQschtAPjZ

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser profile data, which can include saved credentials and other sensitive material such as cookies and autofill entries.

    • Accesses cryptocurrency files/wallets, possible credential harvesting
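The two behavioural signatures above (browser profile data, cryptocurrency wallet files) describe what the sample does on the host. This added example, which is not sandbox tooling and not RedLine's code, sketches one way to detect that pattern from file-access telemetry: flag non-browser processes opening browser credential stores, flag any process opening wallet files, and rate a process that does both higher. The path patterns, the browser process names and the event list are assumptions chosen for illustration, not values taken from the report.

```python
"""Host-side heuristic for the 'reads browser profile data' and 'accesses wallet
files' behaviours. Added example; patterns and events are assumed, not from the report."""
import re
from collections import defaultdict

# Illustrative path patterns (assumptions). Accept '\' or '/' and ignore case.
BROWSER_CRED_STORE = re.compile(
    r"[\\/]User Data[\\/][^\\/]+[\\/](?:Login Data|Cookies|Web Data)$"  # Chromium-family
    r"|[\\/]Profiles[\\/][^\\/]+[\\/](?:logins\.json|key4\.db|cookies\.sqlite)$",  # Firefox
    re.IGNORECASE,
)
WALLET_FILE = re.compile(
    r"[\\/]Exodus[\\/]exodus\.wallet[\\/]|[\\/]Electrum[\\/]wallets[\\/]"
    r"|[\\/]Ethereum[\\/]keystore[\\/]|[\\/]wallet\.dat$",
    re.IGNORECASE,
)
# Browsers legitimately open their own stores; anything else reading them is suspect.
BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe", "opera.exe"}

# Constructed (process image, file path) events standing in for Sysmon/EDR file-access telemetry.
SAMPLE_EVENTS = [
    ("chrome.exe", r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    ("svchost32.exe", r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    ("svchost32.exe", r"C:\Users\u\AppData\Roaming\Mozilla\Firefox\Profiles\x1.default-release\logins.json"),
    ("svchost32.exe", r"C:\Users\u\AppData\Roaming\Exodus\exodus.wallet\seed.seco"),
    ("svchost32.exe", r"C:\Users\u\AppData\Roaming\Electrum\wallets\default_wallet"),
    ("explorer.exe", r"C:\Users\u\Documents\notes.txt"),
    ("backup.exe", r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Cookies"),
]


def classify(image, path):
    """Category of a file access, or None when it is benign or uninteresting."""
    if BROWSER_CRED_STORE.search(path):
        return None if image.lower() in BROWSER_IMAGES else "browser_credential_store"
    if WALLET_FILE.search(path):
        return "wallet_file"
    return None


def score_processes(events):
    """Aggregate flagged accesses per process. A single process touching both
    categories is the infostealer pattern behind the two signatures in this report."""
    seen = defaultdict(lambda: defaultdict(set))
    for image, path in events:
        category = classify(image, path)
        if category:
            seen[image][category].add(path)
    return {
        image: {
            "categories": sorted(cats),
            "files": sum(len(paths) for paths in cats.values()),
            "level": "high" if len(cats) == 2 else "medium",
        }
        for image, cats in seen.items()
    }


if __name__ == "__main__":
    for image, verdict in score_processes(SAMPLE_EVENTS).items():
        print(image, verdict)
```

The browser allow-list is the weak point of any rule like this: a stealer injected into a browser process, or a renamed binary, would pass it, so in production the check should key on the signed image path rather than the file name, and a backup agent touching Cookies (backup.exe here) should be tuned out explicitly rather than by loosening the pattern.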

MITRE ATT&CK Enterprise v15

Tasks