General

  • Target

    cbf1a81000539962cc686ae34114ba3424f7fa408707ad39721a40b267df5550

  • Size

    397KB

  • Sample

    230804-srlnrada81

  • MD5

    8be443c782672be0a7a927d1b89f6408

  • SHA1

    6dc62bc6947124d955a9301428808f408bed7f69

  • SHA256

    cbf1a81000539962cc686ae34114ba3424f7fa408707ad39721a40b267df5550

  • SHA512

    d79eee8cf64702c27bb463651b49bec9dd414f0465b29edf09a70cf9214f0f84ec4d54164ff27779bf647d6c0dd87a1da8abfdde07e2adffc3a48f334a83ac1d

  • SSDEEP

    6144:3ztz+pkxdf3MWHO6/SmQku6cIkUvcMXSiJzVThxE2P77hRBhzkh:3z5+pkxl3w6/rlcMXHHLnnhLhz

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

51.89.201.49:6932

Attributes
  • auth_value

    3a050df92d0cf082b2cdaf87863616be

Targets

    • Target

      cbf1a81000539962cc686ae34114ba3424f7fa408707ad39721a40b267df5550

    • Size

      397KB

    • MD5

      8be443c782672be0a7a927d1b89f6408

    • SHA1

      6dc62bc6947124d955a9301428808f408bed7f69

    • SHA256

      cbf1a81000539962cc686ae34114ba3424f7fa408707ad39721a40b267df5550

    • SHA512

      d79eee8cf64702c27bb463651b49bec9dd414f0465b29edf09a70cf9214f0f84ec4d54164ff27779bf647d6c0dd87a1da8abfdde07e2adffc3a48f334a83ac1d

    • SSDEEP

      6144:3ztz+pkxdf3MWHO6/SmQku6cIkUvcMXSiJzVThxE2P77hRBhzkh:3z5+pkxl3w6/rlcMXHHLnnhLhz

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

MITRE ATT&CK Enterprise v15

Tasks