General

  • Target

    dc59d0926b01cf75ce4c924ab75ad002f7a3e0a2891e5f03c70f41334ec32a1f

  • Size

    329KB

  • Sample

    230809-ph3dcscg9x

  • MD5

    9be3b7b116d6c1b0b78b65294bd0c728

  • SHA1

    b09b90cc387686661103c631f24212903aea259b

  • SHA256

    dc59d0926b01cf75ce4c924ab75ad002f7a3e0a2891e5f03c70f41334ec32a1f

  • SHA512

    f32617790023dce865014d22809965daba225d9bfe3ce78349f96a74b9eda4f7200bf9278a6719e2db258c34aff497566bda82c8670bd2dd304e7cf1cced6948

  • SSDEEP

    6144:T4mR5PI+LhGBQE/fLOcMv1uSbDxUoQbvg/15ey/OReL6F8jLm:T4mR1IBQE77Q4SvuAzZWy7j6

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

209.250.248.11:33522

Attributes
  • auth_value

    3a050df92d0cf082b2cdaf87863616be

Targets

    • Target

      dc59d0926b01cf75ce4c924ab75ad002f7a3e0a2891e5f03c70f41334ec32a1f

    • Size

      329KB

    • MD5

      9be3b7b116d6c1b0b78b65294bd0c728

    • SHA1

      b09b90cc387686661103c631f24212903aea259b

    • SHA256

      dc59d0926b01cf75ce4c924ab75ad002f7a3e0a2891e5f03c70f41334ec32a1f

    • SHA512

      f32617790023dce865014d22809965daba225d9bfe3ce78349f96a74b9eda4f7200bf9278a6719e2db258c34aff497566bda82c8670bd2dd304e7cf1cced6948

    • SSDEEP

      6144:T4mR5PI+LhGBQE/fLOcMv1uSbDxUoQbvg/15ey/OReL6F8jLm:T4mR1IBQE77Q4SvuAzZWy7j6

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

MITRE ATT&CK Enterprise v15

Tasks