General

  • Target: 0d41274a4b8dbcfa9e55b9359390d36d61a07cadbbe881911d8fe81276f0d8a9
  • Size: 329KB
  • Sample: 230809-jhsahahf88
  • MD5: 18b66938cc63df846168186f9e4fd60f
  • SHA1: 6524559190e8a84a13bace4e7972b51f68f2ec6c
  • SHA256: 0d41274a4b8dbcfa9e55b9359390d36d61a07cadbbe881911d8fe81276f0d8a9
  • SHA512: 38ce41dd22eb0a5d92e2a86ce11ac16553e0d8429db7a1e45889012dea3ce701b67c0ca828cc43ea2284a3c36c8c403f4128c3756b38e5c459bbe17e863d1540
  • SSDEEP: 6144:gaWpMpL8gU0PnHszaf1vpc4U6vn8yP86lMHNcOzrz:g5CnU09fDc4dv8yP86lMHNcOD

Malware Config

Extracted

  • Family: redline
  • Botnet: LogsDiller Cloud (TG: @logsdillabot)
  • C2: 209.250.248.11:33522
  • Attributes
    • auth_value: 3a050df92d0cf082b2cdaf87863616be

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

MITRE ATT&CK Enterprise v15

Tasks