General

  • Target

    d146edf9a86f3040e1ea98d4500318c31f272759e492776f221ef68bc8abd465

  • Size

    329KB

  • Sample

    230809-25pf8sgb46

  • MD5

    2a7af65043fcd0389a23477a9a0feff6

  • SHA1

    59964a9d2433eef62ea3145d0774f14fdd4b457b

  • SHA256

    d146edf9a86f3040e1ea98d4500318c31f272759e492776f221ef68bc8abd465

  • SHA512

    39ee6bf8058fbadcf2b9580f65bc0814128bf74085aa10fbcaa357eb6f85456265aad02c62e537d1bf0bda3796d5245a595798e4c38144b24e23fd78b9bcaeb8

  • SSDEEP

    6144:AJem4L1yuyiasHKJh8CrdRJdMDVQfhwa9ot/VSUfxgO:AJoouym29JdVwrNTf/

Malware Config

Extracted

  • Family

    redline

  • Botnet

    LogsDiller Cloud (TG: @logsdillabot)

  • C2

    209.250.248.11:33522

  • Attributes

    auth_value: 3a050df92d0cf082b2cdaf87863616be

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive profile contents.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

MITRE ATT&CK Enterprise v15