General

  • Target

    4b75218d0d6d3414d7fefc7f6f2ec9587ac1b9a9bd4c40a7558a6f53c8d123a5

  • Size

    328KB

  • Sample

    230809-x14yxage8x

  • MD5

    6dc8b444f04a8e30c0f1bcfe3cacad3a

  • SHA1

    2fb338857c4d67faf9d821a05b6ca816465edcb9

  • SHA256

    4b75218d0d6d3414d7fefc7f6f2ec9587ac1b9a9bd4c40a7558a6f53c8d123a5

  • SHA512

    405a3fcbfc26ea594e18e6150a19b2467ed99eb49c00b2d239f088ddd16b3e00fd62d674dba22d2a4e9e666768fd03c71b7d29e27b0c0e415cf9fe37b059c4d7

  • SSDEEP

    6144:FtOXPdBL6WBdZ7gPLm/l6A3CRaupTN9OrZFt8rLssuw+2cQf:FtOTHBdZ78r/9lr41Gf

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

209.250.248.11:33522

Attributes

  • auth_value

    3a050df92d0cf082b2cdaf87863616be

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

MITRE ATT&CK Enterprise v15

Tasks