General

  • Target

    a8f7e5e66722849161aac143c18a8891b0468160f7624cd9a18503a711c5d5be

  • Size

    396KB

  • Sample

    230804-s6hweadc7x

  • MD5

    549a44c2aa3e12207c4fed20f1c22b7b

  • SHA1

    00db5d1bde07c9e2ef6f02688cc5e25a361bcb1e

  • SHA256

    a8f7e5e66722849161aac143c18a8891b0468160f7624cd9a18503a711c5d5be

  • SHA512

    b7b6f14b3d49258300f3afac4c0412608c57e43e55b713ae12b5f2034af09723bcaf1b48cdc87f3ba4a324e7516de68d2586e72a609d26c3cbf0f589ee678736

  • SSDEEP

    3072:DXoQigYZnZeWK7DUzpr7t5XZHHKRcS+axGrPnYzcxlDM2W1eBF32sxulLvyb/1qF:Tm51ZehvU9jOZQrvlC1VB1vy8DJRIb

Malware Config

Extracted

  • Family

    redline

  • Botnet

    LogsDiller Cloud (TG: @logsdillabot)

  • C2

    51.89.201.49:6932

  • Attributes

    auth_value: 3a050df92d0cf082b2cdaf87863616be

Targets

    • Target

      a8f7e5e66722849161aac143c18a8891b0468160f7624cd9a18503a711c5d5be

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

MITRE ATT&CK Enterprise v15

Tasks