General

  • Target: file.exe
  • Size: 342KB
  • Sample: 230810-gf2p2sca4v
  • MD5: b2534147f012bc4261991a624fe630ac
  • SHA1: 9fc859161d45058934a5c23bb9e5e720809e743e
  • SHA256: 48bf5f6350416143aea0be69b22c1e45d6c4515048c199b7c8234715f244594b
  • SHA512: afe805d8209a75a4ce56057ad03e7abf40bbf9c30222046e3192e0012859b6546addaccab0241899c9df0521120c97f2b6bad77fce15a61f9d236b11e3c8e550
  • SSDEEP: 6144:Tt3ieFu2VuKLeamNPjYoYrBjnGx/RyN2GqYCpSdiWUlLjIAwp:Tt1uoDK9N3YrFGxpyNUYCpwSlC

Malware Config

Extracted

  • Family: redline
  • Botnet: LogsDiller Cloud (TG: @logsdillabot)
  • C2: 209.250.248.11:33522
  • Attributes
    • auth_value: 3a050df92d0cf082b2cdaf87863616be

Targets

    • Target: file.exe

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

MITRE ATT&CK Enterprise v15

Tasks