General

  • Target

    2604-60-0x00000000040A0000-0x00000000040D4000-memory.dmp

  • Size

    208KB

  • Sample

    230809-bv39jaab7t

  • MD5

    55400154f9e4d1ae8fbf2dd4273c1ac4

  • SHA1

    ad3718288b6605f90f4d51044300f8d00ac76332

  • SHA256

    6520652b18e94dea4676f04231c8c244f15dfc83a52bc6fa65dbf388138bf38d

  • SHA512

    5b53e0c9e1a7fffbf682bb4ae8f8ba47689584d05a8e766d874959fd674560926b0c0c055de226b97a7d02395afd212b5a964bf7f691a8e8253aa9a8ce47bb3c

  • SSDEEP

    3072:4eG4mt57f3YInEGK2U/YetUBaVa0b6AyM9w+Zxwak8e8hV/:S4mt57gInEG3YetMb6O
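
The target above is not the dropped binary but a memory region dumped from a running process, so before the hashes are pushed into a blocklist or the dump is carved for config, it is worth confirming the artifact is the one the report describes. The following Python is an added example, not part of the report or of the RedLine sample. It reads the Target name as <pid>-<n>-0x<base>-0x<end>-memory.dmp (an interpretation of the field, not something the report states; the fact that 0x40D4000 - 0x40A0000 = 0x34000 bytes = 208 KB matches the reported size supports it), checks that derived size against the reported one, and hashes a local copy with MD5/SHA-1/SHA-256/SHA-512 for comparison with the values above. SSDEEP is skipped because it needs a third-party library.

```python
"""Verify a sandbox memory-dump artifact against the report's metadata.

Added example, not part of the sandbox report or the RedLine sample. Parses
the dump name "<pid>-<n>-0x<base>-0x<end>-memory.dmp" (assumed layout),
derives the region size, checks it against the reported size, and hashes the
bytes so they can be compared with the report before the dump is trusted.
"""
import hashlib
import re
from typing import Any, Dict

# Values copied from the report above.
REPORTED: Dict[str, Any] = {
    "target": "2604-60-0x00000000040A0000-0x00000000040D4000-memory.dmp",
    "size_kb": 208,
    "md5": "55400154f9e4d1ae8fbf2dd4273c1ac4",
    "sha1": "ad3718288b6605f90f4d51044300f8d00ac76332",
    "sha256": "6520652b18e94dea4676f04231c8c244f15dfc83a52bc6fa65dbf388138bf38d",
    "sha512": "5b53e0c9e1a7fffbf682bb4ae8f8ba47689584d05a8e766d874959fd674560926b0c0c055de226b97a7d02395afd212b5a964bf7f691a8e8253aa9a8ce47bb3c",
}

# Assumed dump-name layout: PID, sequence number, then the dumped address range.
DUMP_NAME = re.compile(
    r"^(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<base>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


def parse_dump_name(name: str) -> Dict[str, int]:
    """Return pid, sequence, base, end and region size (bytes) from a dump name."""
    m = DUMP_NAME.match(name)
    if not m:
        raise ValueError(f"not a memory dump name in the expected layout: {name!r}")
    base = int(m["base"], 16)
    end = int(m["end"], 16)
    if end <= base:
        raise ValueError("region end must be above base")
    return {"pid": int(m["pid"]), "seq": int(m["seq"]), "base": base, "end": end, "size": end - base}


def size_matches_report(name: str, reported_kb: int) -> bool:
    """True when the address range in the name equals the reported size in KB."""
    return parse_dump_name(name)["size"] == reported_kb * 1024


def hash_bytes(data: bytes) -> Dict[str, str]:
    """MD5/SHA-1/SHA-256/SHA-512 of a blob (SSDEEP needs a third-party module, so it is skipped)."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def verify_dump(path: str, reported: Dict[str, Any]) -> Dict[str, bool]:
    """Compare an on-disk copy of the dump with the report; every value must be True before use."""
    with open(path, "rb") as fh:
        data = fh.read()
    digests = hash_bytes(data)
    checks = {alg: digests[alg] == reported[alg] for alg in digests}
    checks["size"] = len(data) == reported["size_kb"] * 1024
    checks["name"] = size_matches_report(reported["target"], reported["size_kb"])
    return checks


if __name__ == "__main__":
    region = parse_dump_name(REPORTED["target"])
    print(f"PID {region['pid']}, region 0x{region['base']:X}-0x{region['end']:X}, "
          f"{region['size']} bytes = {region['size'] // 1024} KB")
    print("name/size consistent:", size_matches_report(REPORTED["target"], REPORTED["size_kb"]))
```

Run verify_dump("path/to/2604-60-...-memory.dmp", REPORTED) on the downloaded artifact; any False means you are not looking at the object the report hashed.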

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

209.250.248.11:33522

Attributes
  • auth_value

    3a050df92d0cf082b2cdaf87863616be
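
The extracted config is the most directly actionable part of the report: a host:port pair the sample was built to call home to. The Python below is an added example, not part of the report, showing how to turn that value into a hunt and a signature. It matches 209.250.248.11:33522 against a constructed Zeek conn.log excerpt (only the first seven default columns are read; the lines are made up, not traffic from the sandbox run) and emits a Suricata rule for it. The rule's msg text and its sid in the local range are assumptions; the botnet label is taken from the config above.

```python
"""Hunt for the extracted RedLine C2 in connection logs and emit a Suricata rule.

Added example, not part of the sandbox report. The indicator is the C2 value
from the Malware Config above; the conn.log lines are constructed.
"""
from dataclasses import dataclass
from typing import List, Tuple

# Extracted config values copied from the report above.
C2: Tuple[str, int] = ("209.250.248.11", 33522)
BOTNET = "LogsDiller Cloud"

# Constructed Zeek conn.log excerpt (tab separated): ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service
SAMPLE_CONN_LOG = (
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\n"
    "1691600000.104\tCabc1\t10.0.0.25\t49812\t209.250.248.11\t33522\ttcp\t-\n"
    "1691600001.220\tCabc2\t10.0.0.25\t49813\t142.250.74.36\t443\ttcp\tssl\n"
    "1691600002.331\tCabc3\t10.0.0.31\t51000\t209.250.248.11\t80\ttcp\thttp\n"
    "1691600003.442\tCabc4\t10.0.0.40\t53210\t8.8.8.8\t53\tudp\tdns\n"
)


@dataclass
class Alert:
    ts: str
    uid: str
    src: str
    dst: str
    dport: int
    confidence: str
    reason: str


def hunt_conn_log(log_text: str, c2: Tuple[str, int]) -> List[Alert]:
    """Exact host:port from the config is high confidence; the host on any other port is medium."""
    host, port = c2
    alerts: List[Alert] = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) < 7:
            continue
        ts, uid, src, _sport, dst, dport_s, proto = fields[:7]
        dport = int(dport_s)
        if dst == host and dport == port and proto == "tcp":
            alerts.append(Alert(ts, uid, src, dst, dport, "high",
                                "matches extracted RedLine C2 host:port"))
        elif dst == host:
            alerts.append(Alert(ts, uid, src, dst, dport, "medium",
                                "C2 host contacted on a port not in the extracted config"))
    return alerts


def suricata_rule(c2: Tuple[str, int], botnet: str, sid: int) -> str:
    """Build a local Suricata rule for outbound connections to the C2 (msg and sid are assumptions)."""
    host, port = c2
    return (f"alert tcp $HOME_NET any -> {host} {port} "
            f'(msg:"RedLine C2 beacon - {botnet}"; flow:established,to_server; '
            f"classtype:trojan-activity; sid:{sid}; rev:1;)")


if __name__ == "__main__":
    for a in hunt_conn_log(SAMPLE_CONN_LOG, C2):
        print(f"{a.ts} {a.uid} {a.src} -> {a.dst}:{a.dport} [{a.confidence}] {a.reason}")
    print(suricata_rule(C2, BOTNET, 1000001))
```

The medium-confidence branch exists because stealer infrastructure is frequently reused across builds with different ports; a hit there is a pivot point, not a verdict, and the host should be checked against passive DNS and other samples' configs before blocking the whole address.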

Targets

    • Target

      2604-60-0x00000000040A0000-0x00000000040D4000-memory.dmp

    • RedLine

      RedLine Stealer is a .NET (C#) information stealer first observed in early 2020 and sold as a subscription malware-as-a-service. It collects saved browser credentials and cookies, cryptocurrency wallet data and host information and sends them to the operator's C2, which is why the extracted config above carries a C2 endpoint and a botnet/campaign label rather than any on-disk persistence.

    • Reads user/profile data of web browsers

      Infostealers routinely read browser profile stores such as the saved-login and cookie databases, which hold credentials, session cookies and autofill data. Because the data is decrypted on the victim host with the victim's own keys, what reaches the operator is immediately usable, so any unexpected process reading these files is a high-value detection.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      Reading wallet data files (seed and keystore stores) in the same run as the browser stores points to systematic harvesting of credentials and keys rather than a single misbehaving application.
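
The two behaviours above are about which files are read and by whom, so the natural detection is an allowlist over file-access telemetry. The Python below is an added example, not part of the report or of any detection content the sandbox ships. It runs over constructed events of the shape an EDR feed or Windows 4663 object auditing with a SACL would produce (the events are made up, not from the sandbox run), flags processes other than the owning browser or wallet application reading the well-known credential and wallet stores, and escalates any process that reaches into more than one store category, which is the sweep pattern of a stealer. The store paths are the standard locations for Chrome, Firefox, Exodus, Electrum and Atomic; the list is deliberately partial, and the allowed process names are assumptions to adapt to your estate.

```python
"""Flag non-browser processes reading browser credential stores and wallet files.

Added example, not part of the sandbox report. Allowed image names and the
store list are assumptions; the EVENTS telemetry is constructed.
"""
import re
from collections import defaultdict
from typing import Dict, List, Optional, Set, Tuple

# (category, regex over the lowercased path, image names normally allowed to read it)
SENSITIVE_STORES: List[Tuple[str, str, Set[str]]] = [
    ("browser_credentials", r"\\google\\chrome\\user data\\[^\\]+\\login data$", {"chrome.exe"}),
    ("browser_cookies", r"\\google\\chrome\\user data\\[^\\]+\\(network\\)?cookies$", {"chrome.exe"}),
    ("browser_master_key", r"\\google\\chrome\\user data\\local state$", {"chrome.exe"}),
    ("browser_credentials", r"\\mozilla\\firefox\\profiles\\[^\\]+\\(logins\.json|key4\.db)$", {"firefox.exe"}),
    ("browser_cookies", r"\\mozilla\\firefox\\profiles\\[^\\]+\\cookies\.sqlite$", {"firefox.exe"}),
    ("crypto_wallet", r"\\exodus\\exodus\.wallet(\\|$)", {"exodus.exe"}),
    ("crypto_wallet", r"\\electrum\\wallets(\\|$)", {"electrum.exe"}),
    ("crypto_wallet", r"\\atomic\\local storage\\leveldb(\\|$)", {"atomic wallet.exe"}),
]
COMPILED = [(cat, re.compile(rx), allowed) for cat, rx, allowed in SENSITIVE_STORES]

# Constructed telemetry: (timestamp, image path, file path read). Not from the sandbox run.
EVENTS: List[Tuple[str, str, str]] = [
    ("2023-08-09T10:00:01", r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    ("2023-08-09T10:02:10", r"C:\Users\victim\AppData\Local\Temp\build.exe",
     r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    ("2023-08-09T10:02:10", r"C:\Users\victim\AppData\Local\Temp\build.exe",
     r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Local State"),
    ("2023-08-09T10:02:11", r"C:\Users\victim\AppData\Local\Temp\build.exe",
     r"C:\Users\victim\AppData\Roaming\Mozilla\Firefox\Profiles\abc123.default-release\logins.json"),
    ("2023-08-09T10:02:12", r"C:\Users\victim\AppData\Local\Temp\build.exe",
     r"C:\Users\victim\AppData\Roaming\Exodus\exodus.wallet\seed.seco"),
    ("2023-08-09T10:05:00", r"C:\Windows\explorer.exe",
     r"C:\Users\victim\Documents\notes.txt"),
]


def classify(image: str, path: str) -> Optional[Tuple[str, bool]]:
    """Return (category, allowed) when the path is a sensitive store, else None."""
    image_name = image.rsplit("\\", 1)[-1].lower()
    lowered = path.lower()
    for cat, rx, allowed in COMPILED:
        if rx.search(lowered):
            return cat, image_name in allowed
    return None


def detect(events: List[Tuple[str, str, str]]):
    """Per-event alerts, a per-image summary of categories touched, and images that swept several."""
    alerts: List[Dict[str, str]] = []
    touched: Dict[str, Set[str]] = defaultdict(set)
    for ts, image, path in events:
        hit = classify(image, path)
        if hit is None:
            continue
        cat, allowed = hit
        if allowed:
            continue  # the owning application reading its own store
        alerts.append({"ts": ts, "image": image, "path": path, "category": cat})
        touched[image].add(cat)
    # One unexpected read may be a backup or migration tool; a stealer sweeps several store types.
    stealer_like = sorted(img for img, cats in touched.items() if len(cats) >= 2)
    return alerts, {img: sorted(cats) for img, cats in touched.items()}, stealer_like


if __name__ == "__main__":
    found, summary, stealer_like = detect(EVENTS)
    for a in found:
        print(f"{a['ts']} {a['category']:<20} {a['image']} -> {a['path']}")
    print("stealer-like:", stealer_like)
```

Tune the allowlists to signed paths rather than bare image names before relying on this: a stealer dropped as chrome.exe in a temp directory would otherwise pass the browser_credentials rule.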

MITRE ATT&CK Enterprise v15

Tasks