General

  • Target

    2784-58-0x0000000001C90000-0x0000000001CC4000-memory.dmp

  • Size

    208KB

  • Sample

    230813-e7gsvabb7y

  • MD5

    c80f9c6f001896ef612e849a8f694aae

  • SHA1

    65928889fcafadf0b4b4e667be273b1f7cf96a90

  • SHA256

    eecc72d20c70deb80dcac3ea5fa59f5ed275ce1bd52da9e6901584dd980be9e7

  • SHA512

    d6deb3cde7c353467aa965085a8a364c52abf990dcaf8bb1399e38b039dfcd52b78fe5b72f341df70e8300bb9be8178d9d87a1ca264055cbe011d0668c9910c7

  • SSDEEP

    3072:jzhrmtU/f3YIInGpDvw/1oPYqSaVXr2nhK9w4hxwaD8d8e8hl:5rmtU/gIInG6oAqBVXrmhKZ5e

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

51.83.170.21:19447

Attributes

  • auth_value

    3a050df92d0cf082b2cdaf87863616be

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

MITRE ATT&CK Enterprise v15

Tasks