General

  • Target

    f19631e5456b043a5ca7bb5d5b07a6c062a1e737259298594cd0001f50195f19

  • Size

    328KB

  • Sample

    230809-xn2ysage3x

  • MD5

    d6588cee793541c86c76c5d31e6f0d6b

  • SHA1

    2ad89e9dea0fb47bd8f3067b6724f7e0765bfe14

  • SHA256

    f19631e5456b043a5ca7bb5d5b07a6c062a1e737259298594cd0001f50195f19

  • SHA512

    12f582618650d5c04ec7eea9ce9347fea1f67e7b5c19723bcae2c7f1a9192fe3cb26e91ffe4637ab05ae776ffff34223d874a50fe168e2ddd888344edf2d5047

  • SSDEEP

    6144:smGPYXcHLC74GCJsn2KYoHqSrRY9PIZ+rJ3rD70ayN+nH9pdfdOkJB1:smGPbJGCJzKYz9e+d3r3mN+HLxr1

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

209.250.248.11:33522

Attributes
  • auth_value

    3a050df92d0cf082b2cdaf87863616be

Targets

    • Target

      f19631e5456b043a5ca7bb5d5b07a6c062a1e737259298594cd0001f50195f19

    • Size

      328KB

    • MD5

      d6588cee793541c86c76c5d31e6f0d6b

    • SHA1

      2ad89e9dea0fb47bd8f3067b6724f7e0765bfe14

    • SHA256

      f19631e5456b043a5ca7bb5d5b07a6c062a1e737259298594cd0001f50195f19

    • SHA512

      12f582618650d5c04ec7eea9ce9347fea1f67e7b5c19723bcae2c7f1a9192fe3cb26e91ffe4637ab05ae776ffff34223d874a50fe168e2ddd888344edf2d5047

    • SSDEEP

      6144:smGPYXcHLC74GCJsn2KYoHqSrRY9PIZ+rJ3rD70ayN+nH9pdfdOkJB1:smGPbJGCJzKYz9e+d3r3mN+HLxr1

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

MITRE ATT&CK Enterprise v15

Tasks