General

  • Target

    10cecdccc035aaf0a7f002efa763a9d508cb2730bf0f783478405f97f8a49665

  • Size

    365KB

  • Sample

    230806-qzjs1sbg61

  • MD5

    26693702ebc56bd3c32bebf1d919b7df

  • SHA1

    8dfd0068af1f455471fa9f21dd889ec1710946ae

  • SHA256

    10cecdccc035aaf0a7f002efa763a9d508cb2730bf0f783478405f97f8a49665

  • SHA512

    aa583d3303b38db04d179198a24b664d755ae9ebd72355ebfd657989e8c88b39ebaa85c63e68ee1deabe5f136ad4901431c72f18d8f6a26164da7f055d300e5e

  • SSDEEP

    6144:/yKaR/w0Tf5XydZCmyUbFB7jC7JWsumDM/EqB1p8H:/P8wgokmywb7aJWsuOM/Eopy

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

51.89.201.49:6932

Attributes

  • auth_value

    3a050df92d0cf082b2cdaf87863616be

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

MITRE ATT&CK Enterprise v15

Tasks