General

  • Target

    bea60a6d436d1d750f83f0df89dce0367822b76b3c67acfd95ff038870930789_JC.exe

  • Size

    335KB

  • Sample

    230813-mkcvdadb4z

  • MD5

    38484b1d577ecf98fed9e4eab2ada142

  • SHA1

    ece6dc7f8b098151067d66edbbf10a7730bc725b

  • SHA256

    bea60a6d436d1d750f83f0df89dce0367822b76b3c67acfd95ff038870930789

  • SHA512

    3bfbed508703dd92e37871b1d4f6475592c17cc9346c3fbd9b1bc3963e2feb0508c364b199ad88ee3a6e7b4c935ef02a0febf98b559be25c93ccefa9fcfc7d9a

  • SSDEEP

    6144:80Ai+LVGEleBgfZ/NsuD3tpCuedtjUHY9E0969:8VDMElFZ/NsuD3tpC1QHY9E0e

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

51.83.170.21:19447

Attributes
  • auth_value

    3a050df92d0cf082b2cdaf87863616be

Targets

    • Target

      bea60a6d436d1d750f83f0df89dce0367822b76b3c67acfd95ff038870930789_JC.exe

    • Size

      335KB

    • MD5

      38484b1d577ecf98fed9e4eab2ada142

    • SHA1

      ece6dc7f8b098151067d66edbbf10a7730bc725b

    • SHA256

      bea60a6d436d1d750f83f0df89dce0367822b76b3c67acfd95ff038870930789

    • SHA512

      3bfbed508703dd92e37871b1d4f6475592c17cc9346c3fbd9b1bc3963e2feb0508c364b199ad88ee3a6e7b4c935ef02a0febf98b559be25c93ccefa9fcfc7d9a

    • SSDEEP

      6144:80Ai+LVGEleBgfZ/NsuD3tpCuedtjUHY9E0969:8VDMElFZ/NsuD3tpC1QHY9E0e

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

MITRE ATT&CK Enterprise v15

Tasks