General

  • Target

    fb5ee7b40e1e2cbb4b49908e3e3b83954ec5b5d5e6b31c13de133c396ec49601

  • Size

    346KB

  • Sample

    230813-zz8a2sec35

  • MD5

    9c0492ad620a4028c2f4986a28c409f1

  • SHA1

    0e2d53799af6b742081f07d73978dbbf2c51dc12

  • SHA256

    fb5ee7b40e1e2cbb4b49908e3e3b83954ec5b5d5e6b31c13de133c396ec49601

  • SHA512

    ab07bf3e0f3b95e91aa63ff7b9ce45ac016d34cdbe83fbb526ee3370c05bbb6ff229a26e6dfb9facd492025fb36699231bec214db04a7e6fff40d5e818a26717

  • SSDEEP

    6144:JN6LHnk6/d9eV54d3FPEhdgH1xX+jNnerfapG+:JEz3/jshdonX+sA

Malware Config

Extracted

  • Family

    redline

  • Botnet

    LogsDiller Cloud (TG: @logsdillabot)

  • C2

    51.83.170.21:19447

  • Attributes

    auth_value: 3a050df92d0cf082b2cdaf87863616be

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

MITRE ATT&CK Enterprise v15

Tasks