General

  • Target

    ec1553d547a9d3837f888777788f25359c65c94f4f84ef06982f4a1dcf82648e

  • Size

    327KB

  • Sample

    230809-3by91shf8x

  • MD5

    fd9e608044f23ba72b848239b0f24e82

  • SHA1

    a7d3ec244c0a6e9e1e7af94d24fbd3ea8c9f972a

  • SHA256

    ec1553d547a9d3837f888777788f25359c65c94f4f84ef06982f4a1dcf82648e

  • SHA512

    264bb8c65ec9f2c11291a56caf70c309e00fc917711c26c56c98efa2d518ddf000b592552408f2185da52fcf681046dbdcfda35b3d056892263b559a9b63ecb1

  • SSDEEP

    6144:+jAtL2OkPhKTNMkyD83+3ui46cRE4SZnydQ1SoLF:+jYKOWhKRMjl46c09ygSo5

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

209.250.248.11:33522

Attributes
  • auth_value

    3a050df92d0cf082b2cdaf87863616be
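The hashes in the General table and the extracted C2 above are the indicators a responder would actually act on. The following script is an added example, not part of the Triage report or of any RedLine tooling: it hashes a file with the same four algorithms the report lists and compares the digests against the sample's indicators, and it scans Zeek-style conn.log lines for sessions to the extracted C2 endpoint. The conn.log excerpt is constructed for the example; only the hashes and the C2 value come from the page.

```python
"""Added example (not from the report): turn this page's indicators into two
offline checks.

1. hashes_of() / match_iocs(): hash a file or byte string with MD5, SHA1,
   SHA256 and SHA512 and compare against the sample's indicators.
2. find_c2_connections(): scan Zeek-style conn.log lines for sessions whose
   responder is the extracted RedLine C2 (209.250.248.11:33522).
"""
import hashlib
from typing import Dict, Iterable, List, Tuple

# Indicators copied from the report.
SAMPLE_IOCS: Dict[str, str] = {
    "md5": "fd9e608044f23ba72b848239b0f24e82",
    "sha1": "a7d3ec244c0a6e9e1e7af94d24fbd3ea8c9f972a",
    "sha256": "ec1553d547a9d3837f888777788f25359c65c94f4f84ef06982f4a1dcf82648e",
    "sha512": "264bb8c65ec9f2c11291a56caf70c309e00fc917711c26c56c98efa2d518ddf000b592552408f2185da52fcf681046dbdcfda35b3d056892263b559a9b63ecb1",
}
REDLINE_C2 = "209.250.248.11:33522"


def hashes_of(data: bytes) -> Dict[str, str]:
    """Lowercase hex digests for the four algorithms the report lists."""
    return {
        algo: hashlib.new(algo, data).hexdigest()
        for algo in ("md5", "sha1", "sha256", "sha512")
    }


def match_iocs(observed: Dict[str, str], iocs: Dict[str, str] = SAMPLE_IOCS) -> List[str]:
    """Names of the algorithms whose observed digest equals an indicator.

    Comparison is case-insensitive because feeds and tools disagree on hex case.
    """
    return sorted(
        algo for algo, digest in observed.items()
        if algo in iocs and digest.lower() == iocs[algo].lower()
    )


def parse_endpoint(endpoint: str) -> Tuple[str, int]:
    """Split an 'ip:port' string such as the report's C2 value."""
    host, _, port = endpoint.rpartition(":")
    return host, int(port)


def find_c2_connections(conn_lines: Iterable[str], endpoint: str = REDLINE_C2) -> List[Tuple[str, str]]:
    """Return (ts, id.orig_h) for each conn.log line whose responder is the C2.

    Expects tab-separated fields in Zeek's default conn.log order:
    ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto ...
    Header and comment lines starting with '#' are skipped.
    """
    c2_ip, c2_port = parse_endpoint(endpoint)
    hits: List[Tuple[str, str]] = []
    for line in conn_lines:
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.rstrip("\n").split("\t")
        if len(fields) < 6:
            continue
        ts, _uid, orig_h, _orig_p, resp_h, resp_p = fields[:6]
        if resp_h == c2_ip and resp_p.isdigit() and int(resp_p) == c2_port:
            hits.append((ts, orig_h))
    return hits


# Constructed conn.log excerpt (not from the report): one session to the C2
# port, one to the same host on another port, and one unrelated session.
SAMPLE_CONN_LOG = [
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto",
    "1691550123.1\tCAbc1\t10.0.0.15\t49812\t209.250.248.11\t33522\ttcp",
    "1691550124.7\tCAbc2\t10.0.0.15\t49813\t209.250.248.11\t443\ttcp",
    "1691550130.0\tCAbc3\t10.0.0.22\t51000\t93.184.216.34\t443\ttcp",
]

if __name__ == "__main__":
    import sys
    # Hash a file named on the command line, or a constructed byte string.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else b"not the sample"
    print("matching indicators:", match_iocs(hashes_of(data)) or "none")
    print("C2 sessions:", find_c2_connections(SAMPLE_CONN_LOG))
```

Run it as `python check_iocs.py suspect.exe` to compare a file on disk against the report's hashes; the conn.log check only flags the exact ip:port pair from the extracted config, so a session to the same host on another port (the second constructed line) is deliberately not reported.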

Targets

    • Target

      ec1553d547a9d3837f888777788f25359c65c94f4f84ef06982f4a1dcf82648e

    • Size

      327KB

    • MD5

      fd9e608044f23ba72b848239b0f24e82

    • SHA1

      a7d3ec244c0a6e9e1e7af94d24fbd3ea8c9f972a

    • SHA256

      ec1553d547a9d3837f888777788f25359c65c94f4f84ef06982f4a1dcf82648e

    • SHA512

      264bb8c65ec9f2c11291a56caf70c309e00fc917711c26c56c98efa2d518ddf000b592552408f2185da52fcf681046dbdcfda35b3d056892263b559a9b63ecb1

    • SSDEEP

      6144:+jAtL2OkPhKTNMkyD83+3ui46cRE4SZnydQ1SoLF:+jYKOWhKRMjl46c09ygSo5

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and form autofill data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

MITRE ATT&CK Enterprise v15

Tasks