General

  • Target

    c01006bcd4b3144b6121fc524c4818d9bc61b429b3c655ef9f22bc3df8628934

  • Size

    395KB

  • Sample

    230804-fq3vesag3y

  • MD5

    6940d9426d5ec3992329da17c01dd2a5

  • SHA1

    4d6dd8f8260e8851369cef04e2db1b01691da6af

  • SHA256

    c01006bcd4b3144b6121fc524c4818d9bc61b429b3c655ef9f22bc3df8628934

  • SHA512

    5e64a072a1edc9e272888a0785fee8d4b5c320a02d30b63a0c8c1c2ffb3166c4382ca264bdccacb1d566185c8fa039bb614dbb8caf656a6a450ea99d2228eecc

  • SSDEEP

    6144:h+uh1vF+XRR4qTXqALqfOdA8qi40MIIfkvQUC:Xh1v8XRR4qTXOfOdVq8Lo

Malware Config

Extracted

  • Family

    redline

  • Botnet

    LogsDiller Cloud (TG: @logsdillabot)

  • C2

    51.89.201.49:6932

  • Attributes

    • auth_value

      3a050df92d0cf082b2cdaf87863616be

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting
