General

  • Target: b93de22ea3800e50f039f67d74b15df1a8a890c2e1273eff6e1f4181acad9715
  • Size: 385KB
  • Sample: 230805-qyt8csec6w
  • MD5: 2a2383d1565e573dfe337637b24a701d
  • SHA1: 864124194aedc7a741a2e3a19c2279d9087cf726
  • SHA256: b93de22ea3800e50f039f67d74b15df1a8a890c2e1273eff6e1f4181acad9715
  • SHA512: b379b01dfa4274742fbb4b2b3363d0467c919042adf6841bfb90340c737bba46f85a66abec6ffc26f5c5e518b0a28b48824f5dfa03b0f9169c34a3dbc7fe92fa
  • SSDEEP: 6144:GqGtt+HPAC/BAkoBa4vVMbfB2ZujFU0xO:GxtcvACu/twfB22U

Malware Config

Extracted

  • Family: redline
  • Botnet: LogsDiller Cloud (TG: @logsdillabot)
  • C2: 51.89.201.49:6932
  • Attributes
    • auth_value: 3a050df92d0cf082b2cdaf87863616be

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, such as saved credentials.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

MITRE ATT&CK Enterprise v15