redline | aaefdf3b3457cf7b732597a4ba746a2054d3b28677b18edc3ddb7c6c3d51de9d | Triage

Sharing

General

Target

aaefdf3b3457cf7b732597a4ba746a2054d3b28677b18edc3ddb7c6c3d51de9d
Size

392KB
Sample

230804-yh9l4sea94
MD5

9fc415b4c69dc824054a3b43f17dc2c5
SHA1

a321e50933c447fd0e6ae869db24731cd0c7d48a
SHA256

aaefdf3b3457cf7b732597a4ba746a2054d3b28677b18edc3ddb7c6c3d51de9d
SHA512

7c10f3f7dd8efa5017d66475a6887b1d140c48ec2b2b5d3992b369b8d0b022384c6a446bd0d30c424f12e3797340fd0e8bd0b078ecac1b56f56a4d4b129b81ef
SSDEEP

6144:svx9EWh2J5mkky32/JlmoIo2T+1bpduZIEk9wGIZ:s59EW4ukky3UNxzpkCjjIZ

Score

10^/10

redline logsdiller cloud (tg: @logsdillabot)infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

51.89.201.49:6932

Attributes

auth_value
3a050df92d0cf082b2cdaf87863616be

Targets

- Target
  
  aaefdf3b3457cf7b732597a4ba746a2054d3b28677b18edc3ddb7c6c3d51de9d
- Size
  
  392KB
- MD5
  
  9fc415b4c69dc824054a3b43f17dc2c5
- SHA1
  
  a321e50933c447fd0e6ae869db24731cd0c7d48a
- SHA256
  
  aaefdf3b3457cf7b732597a4ba746a2054d3b28677b18edc3ddb7c6c3d51de9d
- SHA512
  
  7c10f3f7dd8efa5017d66475a6887b1d140c48ec2b2b5d3992b369b8d0b022384c6a446bd0d30c424f12e3797340fd0e8bd0b078ecac1b56f56a4d4b129b81ef
- SSDEEP
  
  6144:svx9EWh2J5mkky32/JlmoIo2T+1bpduZIEk9wGIZ:s59EW4ukky3UNxzpkCjjIZ
Score

10^/10

redline logsdiller cloud (tg: @logsdillabot)infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinelogsdiller cloud (tg: @logsdillabot)infostealerspywarestealer