General

  • Target

    616f2b4e0a9b5e8bfa89441c7919275b3f41930a200380de4a32bda40b77b6b5

  • Size

    416KB

  • Sample

    230805-z9fnsagb9w

  • MD5

    94a08c7d264c072ff9d3478df298ad0f

  • SHA1

    06364c5224f966ea9cd9cf30500348cd7e9d6ae0

  • SHA256

    616f2b4e0a9b5e8bfa89441c7919275b3f41930a200380de4a32bda40b77b6b5

  • SHA512

    e50fe30ac3e18f6071030e7cd5550edbd4ee90aad7637649f789e463f4320e959f21f6ef053bac5a8537a0e36e8cac914427c21af7dd96ef28f29ab03f2207b3

  • SSDEEP

    3072:wfq9UEPjgstGA4j5tgOD/5h72tIqRR65MyWmTT1GMOOo4Fqyv164qUa61gYfXRMz:izIkcRS+ODb72uqRRqWVSFtvq5YfXRe

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

51.89.201.49:6932

Attributes

  • auth_value

    3a050df92d0cf082b2cdaf87863616be

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

MITRE ATT&CK Enterprise v15

Tasks