General

  • Target

    c6073d65747d7e3b76ff11f374cad90df0de3bea896f94773f34e3d1d43f3908

  • Size

    397KB

  • Sample

    230804-v9hqxsdc39

  • MD5

    2fe2088abc352b75d5e0e30a2d3ea630

  • SHA1

    e60ef3664b9ea598fd4642d19c116afeea6130df

  • SHA256

    c6073d65747d7e3b76ff11f374cad90df0de3bea896f94773f34e3d1d43f3908

  • SHA512

    5538e4682b7531cb636c38d7510c743041af23ec741f62db5254e6dd664323da4fa47be60d236e661e2ff8854471f155ff3dc7f33fe5222d18f074e358225d5f

  • SSDEEP

    3072:aXowiX4Myc71Mzxprw3WBMSIonRv3dZBg8nzSNtRyoxVylfkduh6CeWCWd30gNB1:UaI8ez/ZMSI0FdUUzauuefJsWd30k

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

51.89.201.49:6932

Attributes
  • auth_value

    3a050df92d0cf082b2cdaf87863616be

Targets

    • Target

      c6073d65747d7e3b76ff11f374cad90df0de3bea896f94773f34e3d1d43f3908

    • Size

      397KB

    • MD5

      2fe2088abc352b75d5e0e30a2d3ea630

    • SHA1

      e60ef3664b9ea598fd4642d19c116afeea6130df

    • SHA256

      c6073d65747d7e3b76ff11f374cad90df0de3bea896f94773f34e3d1d43f3908

    • SHA512

      5538e4682b7531cb636c38d7510c743041af23ec741f62db5254e6dd664323da4fa47be60d236e661e2ff8854471f155ff3dc7f33fe5222d18f074e358225d5f

    • SSDEEP

      3072:aXowiX4Myc71Mzxprw3WBMSIonRv3dZBg8nzSNtRyoxVylfkduh6CeWCWd30gNB1:UaI8ez/ZMSI0FdUUzauuefJsWd30k

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

MITRE ATT&CK Enterprise v15

Tasks