General

  • Target

    1c4f890d7542fd5161294de86d99531eaaab2f2f7385408af5583f8b24fdc2a6

  • Size

    342KB

  • Sample

    230810-mqm8asca33

  • MD5

    afe0c6a7bbc9c1f9ec761c6f48a8e96b

  • SHA1

    41c810784c2dac775a6e8baa7a555a6c64e4d99a

  • SHA256

    1c4f890d7542fd5161294de86d99531eaaab2f2f7385408af5583f8b24fdc2a6

  • SHA512

    f092aa70b171e1c35ee780cfc538a287df9d3fd3de9cb90459b7fcb1c7656e45e58255f2a96d7323704cfd259fc604acf33db62bb596816e665dde07b0fe213b

  • SSDEEP

    6144:Haz3jF4UbK5w2nEiR+FD1yrb8GSuhf9aDlOtwS:HaDaUgwuEiR+FD1yrb8Gd8DCwS

Malware Config

Extracted

  • Family

    redline

  • Botnet

    LogsDiller Cloud (TG: @logsdillabot)

  • C2

    209.250.248.11:33522

  • Attributes

    auth_value: 3a050df92d0cf082b2cdaf87863616be

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

MITRE ATT&CK Enterprise v15