General

  • Target

    9bf5338dd92e17b929494089b0d9c149998cc09a12936a683aa354fa7e6aae8a

  • Size

    394KB

  • Sample

    230804-f4mqcshf93

  • MD5

    46391a61c6d720ddea8b9ef6b646750c

  • SHA1

    b64b2ee4b33de93fcedc7630fd83ee5cb99d873b

  • SHA256

    9bf5338dd92e17b929494089b0d9c149998cc09a12936a683aa354fa7e6aae8a

  • SHA512

    354f7a0c12f2e71e54e8f1475d67d46ae7a0bb6c74b4ffe4afd63eee97392b37c9b592d85a79c7dc668a0bca9dc76689d107f12616492833571a550924325b6a

  • SSDEEP

    3072:pGPu1+df4q9S7HqZodJA4i391kFaT2lyJqqjoBaxpdQHJKNYZl9H5tYb7v6tKeDM:muox9qbc91kFaT2QIBNH2E9Ztyv6we

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

51.89.201.49:6932

Attributes

  • auth_value

    3a050df92d0cf082b2cdaf87863616be

Targets

    • Target

      9bf5338dd92e17b929494089b0d9c149998cc09a12936a683aa354fa7e6aae8a

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers routinely read the browser's on-disk profile stores, which hold saved logins, session cookies, autofill data and browsing history; stolen session cookies in particular let an operator bypass MFA by replaying an authenticated session.

    • Accesses cryptocurrency files/wallets, possible credential harvesting
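The following is an added triage example, not part of the sandbox report and not code from the RedLine operators or from the sandbox vendor. It takes the indicators the report does state (the four file digests and the C2 endpoint 51.89.201.49:6932) and checks them against a suspect file's bytes and against network and file-access telemetry. The log lines are constructed for the demonstration, and the browser-profile and wallet path patterns (Chromium "Login Data", "Web Data", "Cookies", Bitcoin-core "wallet.dat", Exodus and Electrum directories) are the editor's assumptions about what the "reads user/profile data of web browsers" and "accesses cryptocurrency files/wallets" behaviours look like on disk; the report itself names no paths.

```python
import hashlib
import re

# Indicators copied verbatim from the report above.
IOC_HASHES = {
    "md5": "46391a61c6d720ddea8b9ef6b646750c",
    "sha1": "b64b2ee4b33de93fcedc7630fd83ee5cb99d873b",
    "sha256": "9bf5338dd92e17b929494089b0d9c149998cc09a12936a683aa354fa7e6aae8a",
    "sha512": (
        "354f7a0c12f2e71e54e8f1475d67d46ae7a0bb6c74b4ffe4afd63eee97392b37"
        "c9b592d85a79c7dc668a0bca9dc76689d107f12616492833571a550924325b6a"
    ),
}
IOC_C2 = {("51.89.201.49", 6932)}  # the report's "C2" field

# ASSUMPTION (editor's, not the report's): on-disk locations that the browser
# profile / wallet access signatures would show up as in file-access telemetry.
SENSITIVE_PATH_RE = re.compile(
    r"(Login Data|Web Data|Cookies|wallet\.dat|\\Exodus\\|\\Electrum\\)", re.I
)
CONN_RE = re.compile(r"dst=(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)")
PROC_RE = re.compile(r"proc=(\S+)")


def hash_bytes(data: bytes) -> dict:
    """All four digests the report lists, so any one of them can be compared."""
    return {name: hashlib.new(name, data).hexdigest() for name in IOC_HASHES}


def hash_matches(data: bytes) -> set:
    """Names of the digests that equal the report's values (empty set = no match)."""
    computed = hash_bytes(data)
    return {name for name, digest in computed.items() if digest == IOC_HASHES[name]}


def c2_hits(net_log) -> list:
    """Connection log lines whose destination ip:port is the report's C2 endpoint."""
    hits = []
    for line in net_log:
        m = CONN_RE.search(line)
        if m and (m["ip"], int(m["port"])) in IOC_C2:
            hits.append(line)
    return hits


def sensitive_file_hits(file_log) -> list:
    """File-access log lines that touch a browser credential store or a wallet path."""
    return [line for line in file_log if SENSITIVE_PATH_RE.search(line)]


def triage(data: bytes, net_log, file_log) -> dict:
    """Run all three checks and list the processes that produced any hit."""
    c2 = c2_hits(net_log)
    files = sensitive_file_hits(file_log)
    procs = sorted({PROC_RE.search(line).group(1)
                    for line in c2 + files if PROC_RE.search(line)})
    digests = hash_matches(data)
    return {
        "hash_matches": digests,
        "c2_hits": c2,
        "sensitive_file_hits": files,
        "suspect_processes": procs,
        "verdict": bool(digests or c2 or files),
    }


# Constructed sample telemetry for the demonstration (not taken from the report).
NET_LOG = [
    "2023-08-04T12:00:01Z proc=updater.exe src=10.0.0.5:49152 dst=51.89.201.49:6932 proto=tcp",
    "2023-08-04T12:00:02Z proc=chrome.exe src=10.0.0.5:49153 dst=142.250.74.46:443 proto=tcp",
]
FILE_LOG = [
    r"2023-08-04T12:00:03Z proc=updater.exe op=read path=C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data",
    r"2023-08-04T12:00:04Z proc=updater.exe op=read path=C:\Users\alice\AppData\Roaming\Exodus\exodus.wallet",
    r"2023-08-04T12:00:05Z proc=notepad.exe op=read path=C:\Users\alice\notes.txt",
]

if __name__ == "__main__":
    import json
    # The sample's bytes are not available here, so the hash check legitimately
    # finds nothing; the behavioural and network checks still fire.
    result = triage(b"placeholder bytes, not the sample", NET_LOG, FILE_LOG)
    print(json.dumps(result, indent=2, default=sorted))
```

In practice the bytes passed to `triage` would come from reading the suspect file, and the log lists from your EDR or proxy export; the point of checking all four digests is that a different source may only give you one of them. The C2 match is on the exact ip:port pair because RedLine panels are commonly rehosted, so a port-only or IP-only match would be noisy.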

MITRE ATT&CK Enterprise v15