General

  • Target

    5aa4fe895ffe3c4670bf05338824efb4dc5d73fbe387c265ee94d0b983a04fe0

  • Size

    386KB

  • Sample

    230805-w12ywadh37

  • MD5

    6f237ce8e0dfd69a6f082b3ae3429a8e

  • SHA1

    61d0bde4ac2fdda3b399b6da7c9d0c4eb6c37464

  • SHA256

    5aa4fe895ffe3c4670bf05338824efb4dc5d73fbe387c265ee94d0b983a04fe0

  • SHA512

    dc4e42d5976b8f83f6910570ce03e4caf35941d730f43757de0952c4b76e6ebd42c6b2430ffbfeea7e1ad5fc21abb85ee7e164e54a8b78f6853523a19ffa04a1

  • SSDEEP

    6144:nOnOmG42S+XVXqUb+yvsctSx3PxtAxfH04a3QKb0iSe:nIOHrSsVXzUvxmNkci

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

51.89.201.49:6932

Attributes
  • auth_value

    3a050df92d0cf082b2cdaf87863616be
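The hashes in General and the C2 endpoint extracted from the config above are the indicators a responder would sweep for. The following is an added example (not part of the sandbox report or of any analysis tooling) that runs those indicators over constructed telemetry: Zeek conn.log-style connection records and Sysmon-style process-creation records whose field layouts are assumptions made for the example. It keeps an exact ip:port match separate from an ip-only match, because a host on a shared-hosting range can serve unrelated tenants on other ports.

```python
"""Sweep constructed telemetry for the indicators in the report above.

Added example, not code from the sandbox report. The log lines and their
field layouts are constructed for illustration.
"""
import hashlib

# Indicators taken from the report above.
C2_IP, C2_PORT = "51.89.201.49", 6932
SAMPLE_HASHES = {
    "md5": "6f237ce8e0dfd69a6f082b3ae3429a8e",
    "sha1": "61d0bde4ac2fdda3b399b6da7c9d0c4eb6c37464",
    "sha256": "5aa4fe895ffe3c4670bf05338824efb4dc5d73fbe387c265ee94d0b983a04fe0",
    "sha512": "dc4e42d5976b8f83f6910570ce03e4caf35941d730f43757de0952c4b76e6ebd"
              "42c6b2430ffbfeea7e1ad5fc21abb85ee7e164e54a8b78f6853523a19ffa04a1",
}
KNOWN_DIGESTS = set(SAMPLE_HASHES.values())
ALGO_BY_LENGTH = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}

# Constructed Zeek conn.log-style lines (tab separated: ts, uid, id.orig_h,
# id.orig_p, id.resp_h, id.resp_p, proto). Layout is an assumption.
CONN_LOG = """\
1691234567.1\tCabc1\t10.0.0.15\t49812\t51.89.201.49\t6932\ttcp
1691234570.2\tCabc2\t10.0.0.15\t49813\t142.250.74.46\t443\ttcp
1691234575.3\tCabc3\t10.0.0.22\t49814\t51.89.201.49\t443\ttcp
"""

# Constructed Sysmon-style process-creation records; the Hashes field uses
# Sysmon's "ALGO=DIGEST,ALGO=DIGEST" layout (upper-case hex, as Sysmon emits).
PROC_LOG = [
    {"Image": r"C:\Users\a\AppData\Local\Temp\setup.exe",
     "Hashes": "MD5=6F237CE8E0DFD69A6F082B3AE3429A8E,"
               "SHA256=5AA4FE895FFE3C4670BF05338824EFB4DC5D73FBE387C265EE94D0B983A04FE0"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "Hashes": "MD5=" + "0" * 32 + ",SHA256=" + "0" * 64},
]


def c2_hits(conn_log: str) -> dict[str, list[str]]:
    """Return connection uids that hit the C2.

    'exact' is the ip:port pair from the config; 'ip_only' is the same IP on
    another port, reported separately because it is a weaker indicator.
    """
    hits = {"exact": [], "ip_only": []}
    for line in conn_log.splitlines():
        _ts, uid, _orig_h, _orig_p, resp_h, resp_p, _proto = line.split("\t")
        if resp_h != C2_IP:
            continue
        key = "exact" if int(resp_p) == C2_PORT else "ip_only"
        hits[key].append(uid)
    return hits


def match_digest(digest: str) -> tuple[str, bool]:
    """Classify a hex digest by length and say whether it is a sample hash.

    Case is normalised so Sysmon's upper-case output matches the report.
    """
    d = digest.strip().lower()
    algo = ALGO_BY_LENGTH.get(len(d), "unknown")
    return algo, d in KNOWN_DIGESTS


def parse_sysmon_hashes(hashes_field: str) -> dict[str, str]:
    """Parse 'MD5=...,SHA256=...' into {algo: lowercase digest}."""
    out = {}
    for part in hashes_field.split(","):
        algo, _, digest = part.partition("=")
        out[algo.strip().lower()] = digest.strip().lower()
    return out


def hash_hits(proc_log: list[dict]) -> list[str]:
    """Return Image paths of records where any listed hash is a sample hash."""
    return [rec["Image"] for rec in proc_log
            if any(match_digest(d)[1] for d in parse_sysmon_hashes(rec["Hashes"]).values())]


def file_is_sample(data: bytes) -> bool:
    """Hash raw file bytes and compare with the report's SHA256."""
    return hashlib.sha256(data).hexdigest() == SAMPLE_HASHES["sha256"]


if __name__ == "__main__":
    print("C2 connections:", c2_hits(CONN_LOG))
    print("Processes with sample hash:", hash_hits(PROC_LOG))
    print("Constructed bytes are the sample:", file_is_sample(b"not the sample"))
```

Feed real conn.log and Sysmon Event ID 1 data into the same functions; the only assumptions are the column order for Zeek and the `ALGO=DIGEST` layout of Sysmon's Hashes field.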

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, autofill entries and browsing history.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

MITRE ATT&CK Enterprise v15

Tasks