General

  • Target

    588782bef186ffcc7edf72dbcec002384736cfbba40eafde8a3c17a83e88ac81

  • Size

    415KB

  • Sample

    230806-f1v8bsga68

  • MD5

    00dcb90ca6f1b68a795dd0fb80b00246

  • SHA1

    b64507d9467d4969fe96a4092d936bd15fec6d31

  • SHA256

    588782bef186ffcc7edf72dbcec002384736cfbba40eafde8a3c17a83e88ac81

  • SHA512

    a720b26e050794cdb28243237fa7baf7b3e9dea6109b628514309ed6ec9c4268ef705104a520fa09fbee42af8df1b1b8bee946488e6413cee00ea701555a5f4f

  • SSDEEP

    3072:tH2dU4HUgQQkIj5O8/dMcefockgRFandM7TmIZLrj93vtdL8+tNp2rKm9VAMl9T:hnYPJkCO8/dioFgRcMTmcxfVWFYe

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

51.89.201.49:6932

Attributes

  • auth_value

    3a050df92d0cf082b2cdaf87863616be

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

MITRE ATT&CK Enterprise v15

Tasks