General

  • Target

    93e1c628d0aed6d6e5fce557edc6079629e29181f87037a8d47585b06dbb005b

  • Size

    367KB

  • Sample

    230803-jggglsca58

  • MD5

    0c7ea4c9f6ed40d241aab1cccec64e25

  • SHA1

    661d0c69cc3f00e5a0d103b2ca8107055fbc17ab

  • SHA256

    93e1c628d0aed6d6e5fce557edc6079629e29181f87037a8d47585b06dbb005b

  • SHA512

    97f60c0fecfe271952245ee7a47c0a4b144168bd1b3adf52599616fb1a1b7fbbd245b89ea3a2d8f0c932d596ab91027e6918f43373b3b39348605ebc7d495cbb

  • SSDEEP

    3072:6kK3KMZsP7gLu1AEuT8o1QvjpFdmg9ZB+fGViaGsrQYnX2ZwI62qXhSk+UcgQYF4:yRZsPMLu15zo8FdgfGOaQQi6hRcU0Y

Malware Config

Extracted

  • Family

    redline

  • Botnet

    LogsDiller Cloud (TG: @logsdillabot)

  • C2

    51.89.201.49:6932

Attributes

  • auth_value

    3a050df92d0cf082b2cdaf87863616be

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

MITRE ATT&CK Enterprise v15

Tasks