General

  • Target

    b088208e9b1dc40a80d6b6c18734e2744ae1e1b7a5774a186845faaecc8bb427

  • Size

    360KB

  • Sample

    230803-s458xsdh82

  • MD5

    10b2f5cdea9a98fcd33b99b153bb6ec0

  • SHA1

    8c4e2a447031ee7c1a1a3739d1774153a0562a6c

  • SHA256

    b088208e9b1dc40a80d6b6c18734e2744ae1e1b7a5774a186845faaecc8bb427

  • SHA512

    f771ebb64e8b04f2fe2d3196c7822b1800fd8debba60b5abe141946242a88955a86033bb68909cc818dbbbb387ce8984262cfe43349a633166876d67180f42e3

  • SSDEEP

    6144:RyvIig6LF5087eKbuMTaMI1JNQ1m/iawMN2/KYZqY:UIirZ508qdetIXNQ88h1

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

51.89.201.49:6932

Attributes

  • auth_value

    3a050df92d0cf082b2cdaf87863616be

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

MITRE ATT&CK Enterprise v15

Tasks