General

  • Target

    bfaf519df17ea5055fd195bfc24f2622340e7cd7bdac00a391ccc5a2f47a4c47

  • Size

    354KB

  • Sample

    230813-ztcxysgb5z

  • MD5

    b63b4a86b41b277f1e64e13cf0c5034b

  • SHA1

    5fbee9f9507e6665d49ff4dc8079a8ee724c94eb

  • SHA256

    bfaf519df17ea5055fd195bfc24f2622340e7cd7bdac00a391ccc5a2f47a4c47

  • SHA512

    161773d0c69552bc31c8c3a5fcd8e32b103dffd41f2b7ba14997b0eef5ca7e9b7956b9444c3f731ca2a65b78d528e2725e5ed5a71d2d600632d0a40b07b8732c

  • SSDEEP

    3072:fXHBbrLMnRN0JnR9eVnzfqwoZd48/dickrsMJttUDNa34L9AJzGePPUDa+591MIp:PRrLMnRmJn+zqryJt+Ne4Zz1MIfsb3+

Malware Config

Extracted

  • Family

    redline

  • Botnet

    LogsDiller Cloud (TG: @logsdillabot)

  • C2

    51.83.170.21:19447

  • Attributes

    • auth_value

      3a050df92d0cf082b2cdaf87863616be

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

MITRE ATT&CK Enterprise v15

Tasks