General

  • Target

    2156-193-0x0000000003920000-0x0000000003954000-memory.dmp

  • Size

    208KB

  • Sample

    230813-s8b6msdc52

  • MD5

    1f2b84a69f4cf0466dd11001e3c750eb

  • SHA1

    bb7ce2fe3b24e654206a125129ecf8d3404b9885

  • SHA256

    345c97d7cde625e78a1600a0994ce2efb98824bf8bb5a1e9dd4e46f48925972a

  • SHA512

    7484e4ef081aca76b54a2b556c61bb8b985e45421e43553118d5401f5d9586532428fa4b4eb7146228c08d2f9e68a3b0070f890762a2692084870bdf980fdb4a

  • SSDEEP

    3072:jzhrmtU/f3YIInGpDvw/1oPYqSaVXr2nhK9w4hxwaD8d8e8hl:5rmtU/gIInG6oAqBVXrmhKZ5e

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

51.83.170.21:19447

Attributes

  • auth_value

    3a050df92d0cf082b2cdaf87863616be

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar profile data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

MITRE ATT&CK Enterprise v15

Tasks