General

  • Target

    d885f65a9ce48c9239080cbcc5f74744259bdad1dd963dda13948ea9c294489d

  • Size

    390KB

  • Sample

    230804-3pqvssgb41

  • MD5

    a0ad82474baf7bc4a088d79b9f6561f0

  • SHA1

    953ef4caaeaa27088192e5e9aa0b684c19b419ba

  • SHA256

    d885f65a9ce48c9239080cbcc5f74744259bdad1dd963dda13948ea9c294489d

  • SHA512

    33255ad77e082cf2c8b11f6454405c7fd9f5f5cd8e69edfda23b021fa7ac86c1b0a5c52f17eddeb2c2fbcb28f3c7301f1b2f8020825f86e443ef56ad2103b178

  • SSDEEP

    6144:MzOBkIbNW8Nl9f1kTs8SYWbcRGhFe++/C90kbJ3fC:MyBkIR2THSFbBP9t3f

Malware Config

Extracted

  • Family

    redline

  • Botnet

    LogsDiller Cloud (TG: @logsdillabot)

  • C2

    51.89.201.49:6932

  • Attributes

    auth_value: 3a050df92d0cf082b2cdaf87863616be
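Added example, not part of the report or of the sandbox that produced it: a small Python triage helper that checks a file's digests against the hashes listed above and scans connection-log lines for the extracted C2 endpoint. The hash values and the C2 ip:port are copied from the report; the log line format, the log lines themselves and the placeholder file bytes are constructed for illustration. Fuzzy matching against the SSDEEP value is not shown because it needs the third-party ssdeep library.

```python
"""IOC triage against the hashes and extracted RedLine C2 in this report.

Added example: this is not part of the sandbox report. The hash and C2 values
are copied from the report; the sample bytes and connection-log lines are
constructed for illustration.
"""
import hashlib
import re

# Hash IOCs for the sample, copied from the report.
REPORT_HASHES = {
    "md5": "a0ad82474baf7bc4a088d79b9f6561f0",
    "sha1": "953ef4caaeaa27088192e5e9aa0b684c19b419ba",
    "sha256": "d885f65a9ce48c9239080cbcc5f74744259bdad1dd963dda13948ea9c294489d",
    "sha512": (
        "33255ad77e082cf2c8b11f6454405c7fd9f5f5cd8e69edfda23b021fa7ac86c1"
        "b0a5c52f17eddeb2c2fbcb28f3c7301f1b2f8020825f86e443ef56ad2103b178"
    ),
}
# Extracted C2 endpoint (ip, port), copied from the report's Malware Config.
REPORT_C2 = {("51.89.201.49", 6932)}


def file_hashes(data: bytes) -> dict:
    """Compute the four digests the report lists for the given file bytes."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matching_hashes(data: bytes, iocs: dict = REPORT_HASHES) -> set:
    """Return the names of algorithms whose digest of `data` equals the IOC value.

    IOC strings are lower-cased before comparison; feeds mix upper and lower case.
    """
    digests = file_hashes(data)
    return {name for name, value in iocs.items() if digests.get(name) == value.lower()}


# Constructed connection-log format (an assumption, not a real product's format):
#   <timestamp> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <proto>
_CONN_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+)\s*->\s*"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)"
)


def find_c2_connections(lines, c2=REPORT_C2) -> dict:
    """Scan connection-log lines for traffic to the extracted C2.

    Returns {"exact": [...], "ip_only": [...]} of (ts, src, dst, dport) tuples.
    An ip+port match is the strong signal; a hit on the IP alone on another port
    is reported separately, since the host may be shared or the port may have moved.
    """
    c2_ips = {ip for ip, _ in c2}
    hits = {"exact": [], "ip_only": []}
    for line in lines:
        m = _CONN_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not parse instead of failing the whole scan
        dst, dport = m["dst"], int(m["dport"])
        rec = (m["ts"], m["src"], dst, dport)
        if (dst, dport) in c2:
            hits["exact"].append(rec)
        elif dst in c2_ips:
            hits["ip_only"].append(rec)
    return hits


# Constructed log lines (documentation-range addresses for non-C2 hosts; not real traffic).
SAMPLE_LOG = """\
2023-08-04T21:30:01Z 10.0.0.5:49812 -> 203.0.113.10:443 tcp
2023-08-04T21:30:07Z 10.0.0.5:49815 -> 51.89.201.49:6932 tcp
2023-08-04T21:31:00Z 10.0.0.7:51002 -> 51.89.201.49:80 tcp
malformed line that should be skipped
2023-08-04T21:31:30Z 10.0.0.5:49820 -> 198.51.100.53:53 udp
"""


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    data = open(path, "rb").read() if path else b"constructed placeholder, not the sample"
    print("hash IOC matches:", sorted(matching_hashes(data)) or "none")
    for kind, recs in find_c2_connections(SAMPLE_LOG.splitlines()).items():
        for ts, src, dst, dport in recs:
            print(f"{kind}: {ts} {src} -> {dst}:{dport}")
```

Run it with a file path to hash a suspect binary against the report's values; without a path it hashes a placeholder and only the constructed log scan produces hits. Matching on ip+port is kept separate from ip-only hits on purpose: a shared VPS address on an unrelated port is a lead to pivot on, not a confirmed RedLine check-in.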

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers routinely target the data browsers store on disk, which can include saved credentials, cookies and session tokens, autofill data and browsing history.

    • Accesses cryptocurrency files/wallets, possible credential harvesting
