General

  • Target

    be0f440e8e9409aecdcede61c7d3e023a0ef89ac97d1cac939976c65be22a4d4

  • Size

    358KB

  • Sample

    230803-1j2c8sgc25

  • MD5

    fa8efb077e0adc7e8b7057b244b122c6

  • SHA1

    f1ad3793e0e2a4eeec15abd11118b6c3e8a84415

  • SHA256

    be0f440e8e9409aecdcede61c7d3e023a0ef89ac97d1cac939976c65be22a4d4

  • SHA512

    1bbeac8e3763c260d9a392a971b9f47ebfbce076147a6f521b75df17c5363e4350d2f67b9cabdda52104c420ac2b2731bab3dd67310c5d51340c7e5db150d805

  • SSDEEP

    6144:8YiNoLDcR7Es70y2APBoUZM9KpI7+luk/a34kauVYp:8YiuXcZEyRKUZMPSlukbuVq

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

51.89.201.49:6932

Attributes

  • auth_value

    3a050df92d0cf082b2cdaf87863616be

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

MITRE ATT&CK Enterprise v15

Tasks