General

  • Target

    64a0d961e9f643a9457fd35d908a3549c87413dca21226e199c67bcafd47317b

  • Size

    342KB

  • Sample

    230810-mdbczadg51

  • MD5

    cada2c2f50561922240c0a702fe9d1d5

  • SHA1

    1f8b0d465c4dafdb793f40f59b11a4afe17359eb

  • SHA256

    64a0d961e9f643a9457fd35d908a3549c87413dca21226e199c67bcafd47317b

  • SHA512

    fa1e7f4af57e90a0dbb07ecfa53bf746a381892beedeca018f731583fd9ef4c55bc242def5f10b6bd18d0d0cec50c4d93b3a3ffc70ad43e72daaccfbc2fe398f

  • SSDEEP

    6144:Daz3jF4UbK5PMIapGB2R1+OvluuYwSGDt5+IjRFvDJj5u:DaDaUgaRKOjHS8+IjRFd8

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

209.250.248.11:33522

Attributes
  • auth_value

    3a050df92d0cf082b2cdaf87863616be

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive user data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting
