General

  • Target

    740fe7aa940c0e23a6bdb2cff01204f5a0dd66d158389b1fb6b4206076271e1d

  • Size

    390KB

  • Sample

    230805-dp9kgafd48

  • MD5

    4cbf6eb5f5920e11cab73dafe5e0e0b9

  • SHA1

    5c15f06f971107cfa43edb07f11243092a3aeb9d

  • SHA256

    740fe7aa940c0e23a6bdb2cff01204f5a0dd66d158389b1fb6b4206076271e1d

  • SHA512

    613d075d13b6b49ab11a8f7d9aee503eb5c8c9d429d2c4983a348e8c9100731270fe4a12f8a25e74b1f00c15dca3036e3fc726fbe9dc10be2a1d9612338cf7d0

  • SSDEEP

    3072:mUjNDfqjwwnfNkgtoVm1Tm3TzEpZOku1+vx7VXmvVnGbwklnOwhJGy1HihXL8+pa:/pGjwkNkOelTzE6jckvHkh9nGb9jcm

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

51.89.201.49:6932

Attributes
  • auth_value

    3a050df92d0cf082b2cdaf87863616be

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers routinely read browser profile stores (login databases, cookies, autofill data, browsing history) to harvest saved credentials and session tokens.

    • Accesses cryptocurrency files/wallets, possible credential harvesting
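
An IOC sweep built from the indicators on this page, added here as an example and not part of the sandbox report: it checks a file's digests against the three hashes listed above and scans connection logs for the extracted C2 socket. The hash values and 51.89.201.49:6932 are copied from the report; the firewall log lines and the byte blobs fed to the hash check are constructed for illustration.

```python
"""IOC sweep for the RedLine sample above (added example, not report code)."""
import hashlib
import re
from typing import Dict, Iterable, List

# Indicators taken from the report: file digests of the sample and the C2 socket.
SAMPLE_HASHES: Dict[str, str] = {
    "md5": "4cbf6eb5f5920e11cab73dafe5e0e0b9",
    "sha1": "5c15f06f971107cfa43edb07f11243092a3aeb9d",
    "sha256": "740fe7aa940c0e23a6bdb2cff01204f5a0dd66d158389b1fb6b4206076271e1d",
}
C2_HOST = "51.89.201.49"
C2_PORT = 6932


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute the same three digests the report lists for an arbitrary blob."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def matching_hashes(data: bytes) -> List[str]:
    """Return the names of the digests that match the known sample (empty = no match).

    Any single match is enough to flag a file; report the sha256 when escalating,
    since md5/sha1 are only kept for matching against older feeds.
    """
    computed = hash_bytes(data)
    return [name for name, known in SAMPLE_HASHES.items() if computed[name] == known]


# Constructed firewall log lines (not from the report), one connection per line:
#   <timestamp> <action> <proto> <src_ip>:<src_port> -> <dst_ip>:<dst_port>
SAMPLE_CONN_LOG = [
    "2023-08-05T12:00:01Z ALLOW TCP 10.0.0.15:49712 -> 51.89.201.49:6932",
    "2023-08-05T12:00:03Z ALLOW TCP 10.0.0.15:49713 -> 142.250.74.46:443",
    "2023-08-05T12:04:11Z ALLOW TCP 10.0.0.22:51120 -> 51.89.201.49:6932",
    "2023-08-05T12:05:00Z DENY  TCP 10.0.0.9:50001 -> 51.89.201.49:80",
]

_CONN_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>\S+)\s+(?P<proto>\S+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def find_c2_connections(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Flag every connection to the C2 host.

    A hit on the exact host:port pair from the config is high confidence; traffic
    to the same host on another port is still reported (hosting IPs get reused and
    the operator may run several panels on one box) but marked medium so an
    analyst can triage it separately.
    """
    hits: List[Dict[str, str]] = []
    for line in lines:
        m = _CONN_RE.match(line.strip())
        if not m or m["dst"] != C2_HOST:
            continue
        confidence = "high" if int(m["dport"]) == C2_PORT else "medium"
        hits.append(
            {"ts": m["ts"], "src": m["src"], "dport": m["dport"], "confidence": confidence}
        )
    return hits


if __name__ == "__main__":
    # Constructed blob: does not match, so the sweep returns no digest names.
    print("hash matches:", matching_hashes(b"not the sample"))
    for hit in find_c2_connections(SAMPLE_CONN_LOG):
        print(hit)
```

The IP-based check is only as good as the snapshot date of the report (the sample ID dates it to 2023-08-05); treat the host as a pivot for retro-hunting in proxy and NetFlow data rather than as a permanent block entry, and prefer the sha256 over the md5 when sharing the file indicator.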

MITRE ATT&CK Enterprise v15