General

  • Target

    568-139-0x0000000002490000-0x00000000024C4000-memory.dmp

  • Size

    208KB

  • Sample

    230814-h8ml9sad87

  • MD5

    81c6e044448ee99028ba7720c5bf1e58

  • SHA1

    c683cf48d4dfa939614965a46466fce1a9d373cd

  • SHA256

    055cd616a8b35483c45e05edc480d5d6e049954807fff75a74969f4e54be81e1

  • SHA512

    5d7cb13216d94d92c013afc92e5e259027958a4c14f2f824e9a7876082696e145772b852ce84b761765d005d7999bdbbaa4acb8de6828eedd0dbaa044628f49b

  • SSDEEP

    3072:jzhrmtU/f3YIInGpDvw/1oPYqSaVXr2nhK9w4hxwaD8d8e8hlW:5rmtU/gIInG6oAqBVXrmhKZ5eD

Malware Config

Extracted

  • Family

    redline

  • Botnet

    LogsDiller Cloud (TG: @logsdillabot)

  • C2

    51.83.170.21:19447

  • Attributes

    auth_value: 3a050df92d0cf082b2cdaf87863616be

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive profile information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting
