General

  • Target

    1552-319-0x0000000003FD0000-0x0000000004004000-memory.dmp

  • Size

    208KB

  • Sample

    230803-j1er5acb65

  • MD5

    0f79fbe2bc9cf4a8328154d7fbe05df2

  • SHA1

    26305fd5ff14b060e96a1b2c2ba848253ef22460

  • SHA256

    9cff1247284a27300c7562f1720a5dec271426bd4b7b647e3571e52194b86bff

  • SHA512

    878801013126bd7e03ecf1b203cab21d3e0a2d432d8252f84497dbbb5d7e067b5dd12645ae9816a51e81ac49dcd9e78f753b40830cf4bcb3535e4d2ad96f941c

  • SSDEEP

    3072:MW3s69VvJMzabHEt82BCHJam9UlCQXD/2brWI4+okzBby/8e8hg:p3s6NMzaBJpK+brWIFdS

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

51.89.201.49:6932

Attributes

  • auth_value

    3a050df92d0cf082b2cdaf87863616be

Targets

    • Target

      1552-319-0x0000000003FD0000-0x0000000004004000-memory.dmp

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

MITRE ATT&CK Enterprise v15

Tasks