General

  • Target

    c96901f384403b06ea4dd4b1b7af00d148fb17ad6af38110b84dd716914c30c0

  • Size

    339KB

  • Sample

    230814-pwngcsca65

  • MD5

    669880b98f07802e498ed5eb9956eaf4

  • SHA1

    78377e703376fa0b0303f7464bba5b0abdc32dc4

  • SHA256

    c96901f384403b06ea4dd4b1b7af00d148fb17ad6af38110b84dd716914c30c0

  • SHA512

    f676e1e8ff05264cb37cfc76383a02ba3e4e30139b0e97a7ee5d9a03f2dd948d3410de71f62181d1aeeafc1a7007a1736cbd18ff4ab9b3b3bb6a494bab7977d8

  • SSDEEP

    6144:f+9Qlu+ecy3lNYARvY+Z2FpdiPMkzC3LtDTZnqGFl6uei:29QAVcOVRvYW2FpYPMdVTXT

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

51.83.170.21:19447

Attributes
  • auth_value

    3a050df92d0cf082b2cdaf87863616be

Targets

    • Target

      c96901f384403b06ea4dd4b1b7af00d148fb17ad6af38110b84dd716914c30c0

    • Size

      339KB

    • MD5

      669880b98f07802e498ed5eb9956eaf4

    • SHA1

      78377e703376fa0b0303f7464bba5b0abdc32dc4

    • SHA256

      c96901f384403b06ea4dd4b1b7af00d148fb17ad6af38110b84dd716914c30c0

    • SHA512

      f676e1e8ff05264cb37cfc76383a02ba3e4e30139b0e97a7ee5d9a03f2dd948d3410de71f62181d1aeeafc1a7007a1736cbd18ff4ab9b3b3bb6a494bab7977d8

    • SSDEEP

      6144:f+9Qlu+ecy3lNYARvY+Z2FpdiPMkzC3LtDTZnqGFl6uei:29QAVcOVRvYW2FpYPMdVTXT

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

MITRE ATT&CK Enterprise v15

Tasks