General

  • Target

    246580aed9d35564ddba5061b5ce2293a7daadd4f4dc4e8ec393130eea2a3469_JC.exe

  • Size

    335KB

  • Sample

    230813-k9a1zacd2w

  • MD5

    d5fbc84f128e2f19c3ec80b201475c3a

  • SHA1

    922f95121467ec133ac1789aaa6f67fe1483fd36

  • SHA256

    246580aed9d35564ddba5061b5ce2293a7daadd4f4dc4e8ec393130eea2a3469

  • SHA512

    6014c67d26ae44bd656120baf1bb99da4926c034ce33e7f94c147d5c14ab0ab3ab995e4399d0acba626d1b106a37a28680c5cfbc6e2eb7b88ae350bfaf88062e

  • SSDEEP

    3072:S9X0nIuy25LruLSMcNOUzSVI+98otMYcMMhPpGzRRhnYtTAXupdLw9QjULARKqB5:G0n55LwSOUzb+9RMEzPhYBMydnUL/q3

Malware Config

Extracted

  • Family

    redline

  • Botnet

    LogsDiller Cloud (TG: @logsdillabot)

  • C2

    51.83.170.21:19447

  • Attributes

    • auth_value

      3a050df92d0cf082b2cdaf87863616be

Targets

    • Target

      246580aed9d35564ddba5061b5ce2293a7daadd4f4dc4e8ec393130eea2a3469_JC.exe

    • Size

      335KB

    • MD5

      d5fbc84f128e2f19c3ec80b201475c3a

    • SHA1

      922f95121467ec133ac1789aaa6f67fe1483fd36

    • SHA256

      246580aed9d35564ddba5061b5ce2293a7daadd4f4dc4e8ec393130eea2a3469

    • SHA512

      6014c67d26ae44bd656120baf1bb99da4926c034ce33e7f94c147d5c14ab0ab3ab995e4399d0acba626d1b106a37a28680c5cfbc6e2eb7b88ae350bfaf88062e

    • SSDEEP

      3072:S9X0nIuy25LruLSMcNOUzSVI+98otMYcMMhPpGzRRhnYtTAXupdLw9QjULARKqB5:G0n55LwSOUzb+9RMEzPhYBMydnUL/q3

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

MITRE ATT&CK Enterprise v15

Tasks