General

  • Target

    1813a27cbc0a1821c6e9eafa250cf11a3d15b8eb0137fb5015810d9c6372843f

  • Size

    368KB

  • Sample

    230813-g4c2lahe22

  • MD5

    2232dafb245c7558334f2e0dd1ac8272

  • SHA1

    9e24b0140b84d4fcfd3d99c61bd6e7d169ece60b

  • SHA256

    1813a27cbc0a1821c6e9eafa250cf11a3d15b8eb0137fb5015810d9c6372843f

  • SHA512

    624c1ca442633f05b2668de230070822f7a50016c1ea0b82e0418168dcaa41f72fcff80bf6f874b23317451ce097fd79d07fb7ce9f1ff7a94072f6536c58579b

  • SSDEEP

    6144:55jGtLJ6ZEK8l6uD+Y2q8WyUxOhGJrVAXviyQ8d/UYt+2RRu7:5tGtN6ZEK8l6uD3uUxA+Miqd/hq

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

51.83.170.21:19447

Attributes
  • auth_value

    3a050df92d0cf082b2cdaf87863616be
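The extracted configuration above gives the two indicators an incident responder acts on first: the file digests and the C2 endpoint. The following is an added example, not part of the sandbox report or of any RedLine tooling, showing how those indicators are turned into a triage check: it hashes a file in one pass against the report's MD5/SHA1/SHA256 values and scans Zeek-style `conn.log` records for traffic to the listed C2, distinguishing an exact host+port match from a connection to the same host on another port. The `conn.log` lines and the temporary file are constructed for the demo; the function names are the example's own.

```python
"""Triage helper built from this report's IOCs (added example, not report code)."""
import hashlib
import io
import os
import tempfile

# Digests and C2 copied from the report above.
REPORT_HASHES = {
    "md5": "2232dafb245c7558334f2e0dd1ac8272",
    "sha1": "9e24b0140b84d4fcfd3d99c61bd6e7d169ece60b",
    "sha256": "1813a27cbc0a1821c6e9eafa250cf11a3d15b8eb0137fb5015810d9c6372843f",
}
C2_HOST, C2_PORT = "51.83.170.21", 19447


def digest_stream(fh):
    """Compute md5/sha1/sha256 in a single chunked pass over a binary stream."""
    hashes = {name: getattr(hashlib, name)() for name in REPORT_HASHES}
    for chunk in iter(lambda: fh.read(1 << 20), b""):
        for h in hashes.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashes.items()}


def digests_of_bytes(data):
    return digest_stream(io.BytesIO(data))


def file_digests(path):
    with open(path, "rb") as fh:
        return digest_stream(fh)


def matching_digests(digests):
    """Names of the report digests that this file's digests agree with."""
    return sorted(name for name, want in REPORT_HASHES.items() if digests.get(name) == want)


def scan_conn_log(lines):
    """Scan tab-separated Zeek conn.log records (ts, uid, id.orig_h, id.orig_p,
    id.resp_h, id.resp_p, proto, ...). Exact C2 host+port is level 'c2';
    the same host on another port is the weaker 'c2-host'."""
    hits = []
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue  # skip Zeek header/comment lines
        fields = line.rstrip("\n").split("\t")
        if len(fields) < 7:
            continue  # malformed record
        ts, uid, orig_h, _orig_p, resp_h, resp_p, _proto = fields[:7]
        if resp_h != C2_HOST:
            continue
        level = "c2" if resp_p == str(C2_PORT) else "c2-host"
        hits.append({"ts": ts, "uid": uid, "src": orig_h,
                     "dst": f"{resp_h}:{resp_p}", "level": level})
    return hits


# Constructed conn.log excerpt (not from the sandbox run): one exact C2 hit,
# one benign connection, one connection to the C2 host on a different port.
SAMPLE_CONN_LOG = [
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto",
    "1691900001.1\tCabc1\t10.0.0.5\t49821\t51.83.170.21\t19447\ttcp",
    "1691900002.2\tCabc2\t10.0.0.5\t49822\t142.250.80.46\t443\ttcp",
    "1691900003.3\tCabc3\t10.0.0.9\t49823\t51.83.170.21\t443\ttcp",
]

if __name__ == "__main__":
    for hit in scan_conn_log(SAMPLE_CONN_LOG):
        print(hit)
    # Hash check against a constructed, non-malicious file: no digests match.
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"not the sample")
    try:
        print("matching digests:", matching_digests(file_digests(tmp.name)))
    finally:
        os.remove(tmp.name)
```

Comparing all three digests at once guards against a partial or truncated copy of the sample, and the two-level network verdict keeps a same-host/different-port connection visible for review rather than silently dropping it or over-alerting on it.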

Targets

    • Target

      1813a27cbc0a1821c6e9eafa250cf11a3d15b8eb0137fb5015810d9c6372843f

    • Size

      368KB

    • MD5

      2232dafb245c7558334f2e0dd1ac8272

    • SHA1

      9e24b0140b84d4fcfd3d99c61bd6e7d169ece60b

    • SHA256

      1813a27cbc0a1821c6e9eafa250cf11a3d15b8eb0137fb5015810d9c6372843f

    • SHA512

      624c1ca442633f05b2668de230070822f7a50016c1ea0b82e0418168dcaa41f72fcff80bf6f874b23317451ce097fd79d07fb7ce9f1ff7a94072f6536c58579b

    • SSDEEP

      6144:55jGtLJ6ZEK8l6uD+Y2q8WyUxOhGJrVAXviyQ8d/UYt+2RRu7:5tGtN6ZEK8l6uD3uUxA+Miqd/hq

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials and other profile contents.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

MITRE ATT&CK Enterprise v15

Tasks