General

  • Target

    2b568b076347ce55e4ec76681c60fb50d42b44530eb84be975fd911b2d0ad2b3

  • Size

    358KB

  • Sample

    230803-3r38xahg2t

  • MD5

    c268825bb990a9a1a50fda8a6bfca932

  • SHA1

    6c87b11eebdfb49d15814ed7ffb87b01e3c7f062

  • SHA256

    2b568b076347ce55e4ec76681c60fb50d42b44530eb84be975fd911b2d0ad2b3

  • SHA512

    09fb19421af9bc873c0af8bb1970a43bf891de196f29ba4eaa48af67055a15d07ea3d995e9e3a0d0a6f862ec93eaf4aeaf2c64412763a4a6b973cd87555a1e15

  • SSDEEP

    6144:+aiNNLUbRdFCFQpXO6v1hPFBWSuNmZ8dH950Z6jHGHs8qze0OQX7:+aiPobrOQY67FBWVN0BEHcs82ZL

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

51.89.201.49:6932

Attributes
  • auth_value

    3a050df92d0cf082b2cdaf87863616be

Targets

    • Target

      2b568b076347ce55e4ec76681c60fb50d42b44530eb84be975fd911b2d0ad2b3

    • Size

      358KB

    • MD5

      c268825bb990a9a1a50fda8a6bfca932

    • SHA1

      6c87b11eebdfb49d15814ed7ffb87b01e3c7f062

    • SHA256

      2b568b076347ce55e4ec76681c60fb50d42b44530eb84be975fd911b2d0ad2b3

    • SHA512

      09fb19421af9bc873c0af8bb1970a43bf891de196f29ba4eaa48af67055a15d07ea3d995e9e3a0d0a6f862ec93eaf4aeaf2c64412763a4a6b973cd87555a1e15

    • SSDEEP

      6144:+aiNNLUbRdFCFQpXO6v1hPFBWSuNmZ8dH950Z6jHGHs8qze0OQX7:+aiPobrOQY67FBWVN0BEHcs82ZL

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

MITRE ATT&CK Enterprise v15

Tasks