General

  • Target

    3e0090e33fe06c12361befd88806ac8f0d1aa103608c8ce781fb0933e6ca356d

  • Size

    426KB

  • Sample

    230805-ws1e3sfc5v

  • MD5

    b66a9f7dbaaa74d448df287c599590ce

  • SHA1

    3dd8f1e53b5c0e79d4fd5b1a85454edbb2ab2d4e

  • SHA256

    3e0090e33fe06c12361befd88806ac8f0d1aa103608c8ce781fb0933e6ca356d

  • SHA512

    dc69ec3120b50bdf502cf083e3a95640ef7caf95a5e0d7ba64a787e6a24ef4597fbff04def44e15676b8dc62595e4cf1d67dce9ad358c4bfe9eec1e1d8a38030

  • SSDEEP

    6144:nBPFSsqWE3fZNnoruP2pY63Nfs4I5d6Cmooe:nBwdpfzoecYSyd5d60

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

51.89.201.49:6932

Attributes
  • auth_value

    3a050df92d0cf082b2cdaf87863616be
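The extracted configuration above gives the indicators an analyst actually pivots on: the C2 endpoint 51.89.201.49:6932 and the sample's file hashes. The following is an added example, not part of this report or of any sandbox vendor's tooling, showing how to run those indicators over telemetry. The log lines are constructed for the example and their key=value layout is an assumption, not any real product's format; the auth_value is a per-build identifier and is not used for matching here.

```python
import re

# Indicators taken from the extracted configuration and hashes in this report.
C2_HOST = "51.89.201.49"
C2_PORT = 6932
SAMPLE_HASHES = {
    "md5": "b66a9f7dbaaa74d448df287c599590ce",
    "sha1": "3dd8f1e53b5c0e79d4fd5b1a85454edbb2ab2d4e",
    "sha256": "3e0090e33fe06c12361befd88806ac8f0d1aa103608c8ce781fb0933e6ca356d",
}

# Constructed telemetry for the example (not from the report): firewall-style
# connection lines and EDR-style file-hash lines in a key=value layout, which
# is an assumption of this example rather than any real product's format.
# 203.0.113.10 is a documentation address standing in for benign traffic.
SAMPLE_LOGS = """\
2023-08-05T12:01:10Z host=WS01 src=10.0.0.15:49712 dst=51.89.201.49:6932 proto=tcp action=allow
2023-08-05T12:01:11Z host=WS01 src=10.0.0.15:49713 dst=203.0.113.10:443 proto=tcp action=allow
2023-08-05T12:01:12Z host=WS02 src=10.0.0.22:52000 dst=51.89.201.49:443 proto=tcp action=allow
2023-08-05T12:02:00Z host=WS01 file=C:\\Users\\u\\AppData\\Local\\Temp\\setup.exe sha256=3E0090E33FE06C12361BEFD88806AC8F0D1AA103608C8CE781FB0933E6CA356D
2023-08-05T12:02:05Z host=WS03 file=C:\\Windows\\System32\\notepad.exe sha256=0000000000000000000000000000000000000000000000000000000000000000
"""

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Turn one key=value log line into a dict; tokens without '=' are ignored."""
    return dict(KV_RE.findall(line))


def split_endpoint(endpoint):
    """Split 'host:port' into (host, port); assumes IPv4 literals, not [v6]:port."""
    host, _, port = endpoint.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


def classify(fields):
    """Return the list of indicator names a parsed line matches."""
    hits = []
    dst = fields.get("dst")
    if dst:
        host, port = split_endpoint(dst)
        if host == C2_HOST and port == C2_PORT:
            hits.append("redline_c2_connection")
        elif host == C2_HOST:
            # Same host on another port: weaker evidence, reported separately
            # so an analyst can decide rather than have it silently dropped.
            hits.append("redline_c2_host_other_port")
    for algo, known in SAMPLE_HASHES.items():
        observed = fields.get(algo)
        if observed and observed.lower() == known:  # hex digests: compare case-insensitively
            hits.append(f"redline_sample_{algo}")
    return hits


def scan(logs):
    """Scan a block of log lines and return (host, indicator) pairs in input order."""
    findings = []
    for line in logs.splitlines():
        fields = parse_line(line)
        for hit in classify(fields):
            findings.append((fields.get("host", "?"), hit))
    return findings


if __name__ == "__main__":
    for host, indicator in scan(SAMPLE_LOGS):
        print(f"{host}: {indicator}")
```

On the constructed input this reports the full ip:port match on WS01, the same-host-different-port connection from WS02 as a separate, weaker indicator, and the uppercase SHA256 on WS01 as a hash hit; the hash comparison lowercases before matching because EDR products differ in digest casing.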

Targets


    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, autofill entries and browsing history.

    • Accesses cryptocurrency files/wallets, possible credential harvesting
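The two behavioural signatures above (browser profile reads and wallet file access) are what a detection engineer would turn into a host-side rule, independent of any particular hash or C2. The following is an added example, not part of this report or of any vendor's product, that flags a non-browser, non-wallet process touching those files and raises severity when one process touches both categories. The file-access events are constructed for the example and their quoted key="value" layout is an assumption; the path patterns are the commonly documented Chrome, Firefox, Bitcoin Core, Electrum and Exodus locations, and the list of expected reader processes is deliberately short and would need tuning per estate.

```python
import fnmatch
import re

# Constructed EDR-style file-access events (not from the report). The quoted
# key="value" layout is an assumption of this example, not a real product's
# format. Process 4120 is a stager in %TEMP% reading browser credential
# stores and a wallet; 2210 is the real browser reading its own database.
FILE_EVENTS = """\
host="WS01" pid="4120" image="C:\\Users\\u\\AppData\\Local\\Temp\\setup.exe" path="C:\\Users\\u\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data" op="read"
host="WS01" pid="4120" image="C:\\Users\\u\\AppData\\Local\\Temp\\setup.exe" path="C:\\Users\\u\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\abc.default\\logins.json" op="read"
host="WS01" pid="4120" image="C:\\Users\\u\\AppData\\Local\\Temp\\setup.exe" path="C:\\Users\\u\\AppData\\Roaming\\Bitcoin\\wallet.dat" op="read"
host="WS01" pid="2210" image="C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" path="C:\\Users\\u\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data" op="read"
host="WS02" pid="900" image="C:\\Windows\\explorer.exe" path="C:\\Users\\u\\Documents\\notes.txt" op="read"
"""

KV_RE = re.compile(r'(\w+)="([^"]*)"')

# Sensitive locations, grouped by what a stealer gets from them. Patterns are
# matched case-insensitively with shell-style globbing; '*' crosses backslashes.
SENSITIVE_PATHS = {
    "browser_credentials": [
        "*\\Google\\Chrome\\User Data\\*\\Login Data",   # saved passwords
        "*\\Google\\Chrome\\User Data\\*\\Web Data",     # autofill, cards
        "*\\Google\\Chrome\\User Data\\*\\Cookies",      # session cookies
        "*\\Mozilla\\Firefox\\Profiles\\*\\logins.json",
        "*\\Mozilla\\Firefox\\Profiles\\*\\key4.db",     # key that decrypts logins.json
    ],
    "crypto_wallet": [
        "*\\Bitcoin\\wallet.dat",
        "*\\Electrum\\wallets\\*",
        "*\\Exodus\\exodus.wallet\\*",
    ],
}

# Processes that are expected to read each category. Short on purpose; a real
# deployment would key this on signer or full path rather than file name.
EXPECTED_READERS = {
    "browser_credentials": ["*\\chrome.exe", "*\\msedge.exe", "*\\firefox.exe"],
    "crypto_wallet": ["*\\bitcoin-qt.exe", "*\\electrum*.exe", "*\\exodus.exe"],
}


def _glob_any(value, patterns):
    v = value.lower()
    return any(fnmatch.fnmatchcase(v, p.lower()) for p in patterns)


def categorize_path(path):
    """Return the sensitive-data category a path falls into, or None."""
    for category, patterns in SENSITIVE_PATHS.items():
        if _glob_any(path, patterns):
            return category
    return None


def detect(events):
    """Aggregate suspicious reads per process and return one alert per process."""
    per_process = {}
    for line in events.splitlines():
        ev = dict(KV_RE.findall(line))
        category = categorize_path(ev["path"])
        if category is None or _glob_any(ev["image"], EXPECTED_READERS[category]):
            continue  # benign file, or the application that owns the file
        key = (ev["host"], int(ev["pid"]), ev["image"])
        per_process.setdefault(key, set()).add(category)
    alerts = []
    for (host, pid, image), cats in sorted(per_process.items()):
        alerts.append({
            "host": host,
            "pid": pid,
            "image": image,
            "categories": sorted(cats),
            # One unexpected reader of both browser stores and wallets is the
            # stealer pattern this report describes; a single category alone
            # is worth triage but is noisier (backup agents, password managers).
            "severity": "high" if len(cats) > 1 else "medium",
        })
    return alerts


if __name__ == "__main__":
    for alert in detect(FILE_EVENTS):
        print(alert)
```

On the constructed events only PID 4120 is reported, at high severity, because it read both a browser credential store and a wallet while not being a browser or wallet application; chrome.exe reading its own Login Data and explorer.exe reading a document produce nothing.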

MITRE ATT&CK Enterprise v15

Tasks