General

  • Target: 960df7d3c618c90075d56b4da9d86a6a00fd8f8b48622fda33938e04356b08e7_JC.exe
  • Size: 321KB
  • Sample: 230813-l6caasch31
  • MD5: b2cea271a9a86385fd6a9fed011763c6
  • SHA1: 87708f998dc9764ec0a795d86c25bbc82b542521
  • SHA256: 960df7d3c618c90075d56b4da9d86a6a00fd8f8b48622fda33938e04356b08e7
  • SHA512: 381129c51bd8d88aefd44b6e64b50200334b5b5af5b48492c005c2a7b6fee89d863cef7840fae4ebba1fb7f6af19d7686ecdb0eb40a9b1cd338b392d45f10d2f
  • SSDEEP: 6144:1U92WLc38mkQbr0/WH+HHikm1//ozCkE2LG1K0lnOq:+JY38mZcuH+nikU/z2GnlP

Malware Config

Extracted

  • Family: redline
  • Botnet: LogsDiller Cloud (TG: @logsdillabot)
  • C2: 51.83.170.21:19447
  • Attributes
    • auth_value: 3a050df92d0cf082b2cdaf87863616be

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

MITRE ATT&CK Enterprise v15

Tasks