General

  • Target

    2256-292-0x0000000003F60000-0x0000000003F94000-memory.dmp

  • Size

    208KB

  • Sample

    230811-bw1j2abg6v

  • MD5

    4a4ec3d54d7ab72c1103fa6717f008fb

  • SHA1

    b85beb112468ba030173117fcbe600f69eaae400

  • SHA256

    a9917e65b1a4eed5087549276e9038bbd3f880e8f5e42c7ee7282bceccb1ae4e

  • SHA512

    0a6438540b871d1e85b2f4f65b673c9d6e9b1485e3384e26a1117c48f6c226317f41923762dc4902564f5021417808d317cb4e44590f232179032d6c15cae41a

  • SSDEEP

    3072:c2d6mtyOf3YItpGVH1/W92Ve/eV+9wdLxwafS8e8hq:x6mtyOgItpGgD/eUmZS

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

136.244.98.226:33587

Attributes
  • auth_value

    3a050df92d0cf082b2cdaf87863616be
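Two checks a practitioner would run against the artefact above: confirm that the dump's address range in its filename matches the reported size, and hunt the extracted C2 inside the dump bytes. The script below is an added example, not part of the sandbox report. It assumes the dump name follows the pid-sequence-start-end-memory.dmp convention shown in the report, and the bytes it scans are constructed for the example rather than the real dump. Because RedLine is a .NET (C#) program, its configuration strings sit in memory as UTF-16LE, so the search covers both ASCII and UTF-16LE encodings; a grep for the ASCII form alone would miss the hit.

```python
"""Added example (not from the sandbox report): check the dump artefact's
name against its reported size and hunt the extracted RedLine C2 in it.
Assumptions: the dump name uses the <pid>-<seq>-<start>-<end>-memory.dmp
layout seen in the report; SAMPLE below is constructed, not the real dump."""
import hashlib
import ipaddress
import re

DUMP_NAME = "2256-292-0x0000000003F60000-0x0000000003F94000-memory.dmp"
C2 = "136.244.98.226:33587"        # value from the "Malware Config" section
REPORTED_SIZE = 208 * 1024         # "208KB" in the report
REPORTED_SHA256 = "a9917e65b1a4eed5087549276e9038bbd3f880e8f5e42c7ee7282bceccb1ae4e"

_NAME_RE = re.compile(r"^(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")


def parse_dump_name(name):
    """Return (pid, seq, start, end) from a <pid>-<seq>-<start>-<end>-memory.dmp name."""
    m = _NAME_RE.match(name)
    if not m:
        raise ValueError(f"not a memory dump name: {name!r}")
    pid, seq, start, end = m.groups()
    return int(pid), int(seq), int(start, 16), int(end, 16)


def region_size(name):
    """Size in bytes of the dumped region, derived from the start/end addresses."""
    _, _, start, end = parse_dump_name(name)
    return end - start


def c2_patterns(c2):
    """Byte patterns to hunt for: the full host:port and the host alone, each as
    ASCII and as UTF-16LE (the in-memory form of .NET strings)."""
    host, port = c2.rsplit(":", 1)
    ipaddress.ip_address(host)     # raises on a malformed address
    int(port)                      # raises on a malformed port
    pats = {}
    for label, s in (("host:port", c2), ("host", host)):
        pats[f"{label}/ascii"] = s.encode("ascii")
        pats[f"{label}/utf16le"] = s.encode("utf-16-le")
    return pats


def find_c2(data, c2):
    """Return {pattern_label: [offsets]} for every occurrence of the C2 in data."""
    hits = {}
    for label, pat in c2_patterns(c2).items():
        offsets = []
        i = data.find(pat)
        while i != -1:
            offsets.append(i)
            i = data.find(pat, i + 1)
        if offsets:
            hits[label] = offsets
    return hits


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


# Constructed stand-in for the dump contents (NOT the real dump): padding, an
# MZ marker, padding, then the C2 as a UTF-16LE string at offset 96.
SAMPLE = b"\x00" * 64 + b"MZ" + b"\x90" * 30 + C2.encode("utf-16-le") + b"\x00" * 40

if __name__ == "__main__":
    pid, seq, start, end = parse_dump_name(DUMP_NAME)
    print(f"pid={pid} seq={seq} region=0x{start:X}-0x{end:X} size={end - start} bytes")
    print("region size matches reported 208KB:", region_size(DUMP_NAME) == REPORTED_SIZE)
    print("C2 hits in constructed sample:", find_c2(SAMPLE, C2))
    print("sample hash matches reported SHA256:", sha256_hex(SAMPLE) == REPORTED_SHA256)
```

Run against the real dump by replacing SAMPLE with the file's bytes; the region size check passes for the name above (0x3F94000 - 0x3F60000 = 0x34000 = 212992 bytes = 208 KB), and the UTF-16LE pattern is the one that fires for a .NET stealer's config string.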

Targets

    • Target

      2256-292-0x0000000003F60000-0x0000000003F94000-memory.dmp

    • Size

      208KB

    • MD5

      4a4ec3d54d7ab72c1103fa6717f008fb

    • SHA1

      b85beb112468ba030173117fcbe600f69eaae400

    • SHA256

      a9917e65b1a4eed5087549276e9038bbd3f880e8f5e42c7ee7282bceccb1ae4e

    • SHA512

      0a6438540b871d1e85b2f4f65b673c9d6e9b1485e3384e26a1117c48f6c226317f41923762dc4902564f5021417808d317cb4e44590f232179032d6c15cae41a

    • SSDEEP

      3072:c2d6mtyOf3YItpGVH1/W92Ve/eV+9wdLxwafS8e8hq:x6mtyOgItpGgD/eUmZS

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, autofill entries and payment details.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

MITRE ATT&CK Enterprise v15

Tasks