General

  • Target: bcfec7d4a960c400264f1a316e4440f9b4e37f49a2341a909d1f06e78675f1f4
  • Size: 357KB
  • Sample: 230803-ytw56ahb7t
  • MD5: 0ad9ff932e0783ce8cca1b1c61dde9c3
  • SHA1: a23dba70dc125445830a9b4b9d4984ceb888d23b
  • SHA256: bcfec7d4a960c400264f1a316e4440f9b4e37f49a2341a909d1f06e78675f1f4
  • SHA512: 8c2254e88ecf0ed654b5880e57056d2f6608c3d9b563644a8c8350cb53ef4bc1f2a2793d11759a2040aec9457711ed7ea47e1f348271e70eff46cd3b410e9c0f
  • SSDEEP: 6144:CaiNqLg1RLPVZ+8UsVhxUXm7cGVyGrsHGDsGh74NNnTC:Cai0c1prpthU3CUtGh7oZC

Malware Config

Extracted

  • Family: redline
  • Botnet: LogsDiller Cloud (TG: @logsdillabot)
  • C2: 51.89.201.49:6932
  • Attributes
    • auth_value: 3a050df92d0cf082b2cdaf87863616be

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

MITRE ATT&CK Enterprise v15

Tasks