General

  • Target: fbda5ee9a8153d7dbf212771633558a1cc88a7dfcbd28f9cacebe47ebeccc47b
  • Size: 385KB
  • Sample: 230805-vecw7adf66
  • MD5: 2e04da78d260f0babb06e9f94ed10b89
  • SHA1: f140663f9e81c69a49bd2693b946a32ad1179500
  • SHA256: fbda5ee9a8153d7dbf212771633558a1cc88a7dfcbd28f9cacebe47ebeccc47b
  • SHA512: 1b9907d0bd879cc1687cb0673ad16832058fca22688c8c93d3d2205b7c1caa4bd979bdb0422f72ded332d34766612b2002285b2630f678b7018b9f5d13f3db43
  • SSDEEP: 6144:4zci/fdG6tcVs/GIZuSP0CVEepvfpy+8g4Gj41/d:4Ii/E6y6e+uSMCjpt8G6

Malware Config

Extracted

  • Family: redline
  • Botnet: LogsDiller Cloud (TG: @logsdillabot)
  • C2: 51.89.201.49:6932
  • Attributes
    • auth_value: 3a050df92d0cf082b2cdaf87863616be

Targets


    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials and other sensitive information.
    • Accesses cryptocurrency files/wallets, possible credential harvesting

MITRE ATT&CK Enterprise v15
