General

  • Target

    974184d82aa6346d9f6c7b84201f7a70c7903e1748e4788ea5ef8a66ec96f8ad

  • Size

    360KB

  • Sample

    230803-lve7tacf89

  • MD5

    88c112e05e3f4170c7d50fcab8aefd73

  • SHA1

    4c2a3ee3d187a7724b330448c43b7cbce3b4f766

  • SHA256

    974184d82aa6346d9f6c7b84201f7a70c7903e1748e4788ea5ef8a66ec96f8ad

  • SHA512

    60c84890cdd474cc0beab4533b07d49f21ac467972647a4a391a0468b4d8a176d40ceab80bffc9901a3f08a3ae63263cac46caf06637bcaf16583f5df4abcb67

  • SSDEEP

    6144:VqNUsi83LnsSwoKzDgPOT0v6tiK4SkVbIdrAjFxFtf84F:0UsiOzshoKzDhT0SttqV4rAj5

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

51.89.201.49:6932

Attributes
  • auth_value

    3a050df92d0cf082b2cdaf87863616be

Targets

    • Target

      974184d82aa6346d9f6c7b84201f7a70c7903e1748e4788ea5ef8a66ec96f8ad

    • Size

      360KB

    • MD5

      88c112e05e3f4170c7d50fcab8aefd73

    • SHA1

      4c2a3ee3d187a7724b330448c43b7cbce3b4f766

    • SHA256

      974184d82aa6346d9f6c7b84201f7a70c7903e1748e4788ea5ef8a66ec96f8ad

    • SHA512

      60c84890cdd474cc0beab4533b07d49f21ac467972647a4a391a0468b4d8a176d40ceab80bffc9901a3f08a3ae63263cac46caf06637bcaf16583f5df4abcb67

    • SSDEEP

      6144:VqNUsi83LnsSwoKzDgPOT0v6tiK4SkVbIdrAjFxFtf84F:0UsiOzshoKzDhT0SttqV4rAj5

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

MITRE ATT&CK Enterprise v15

Tasks