redline | e04fa0e503137dfc2219c5c2e0f8644ab236a002d665ca3fb297428548d4580f | Triage

Sharing

General

Target

e04fa0e503137dfc2219c5c2e0f8644ab236a002d665ca3fb297428548d4580f
Size

338KB
Sample

230815-gtms2sha78
MD5

d637248c2a60ab76b9100534c2d3c1ff
SHA1

54b15fcc5ea9b50c7a26e74aa6a7bd8b75cefba4
SHA256

e04fa0e503137dfc2219c5c2e0f8644ab236a002d665ca3fb297428548d4580f
SHA512

bfb51a5f05beb0d0f0e1b7606a05f5d5c25aabd5984efd03aac108194edb75b620dfe1f25e54e2b70b941cb2e2aa28dc2397256796f97ae27d72e6ef20ab5cce
SSDEEP

6144:2GvtXLe2pK+6lTgqxI1/sHymR1b28+hmndP:289q20+KT74eN1bj

Score

10^/10

redline logsdiller cloud (tg: @logsdillabot)infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

51.83.170.21:19447

Attributes

auth_value
3a050df92d0cf082b2cdaf87863616be

Targets

- Target
  
  e04fa0e503137dfc2219c5c2e0f8644ab236a002d665ca3fb297428548d4580f
- Size
  
  338KB
- MD5
  
  d637248c2a60ab76b9100534c2d3c1ff
- SHA1
  
  54b15fcc5ea9b50c7a26e74aa6a7bd8b75cefba4
- SHA256
  
  e04fa0e503137dfc2219c5c2e0f8644ab236a002d665ca3fb297428548d4580f
- SHA512
  
  bfb51a5f05beb0d0f0e1b7606a05f5d5c25aabd5984efd03aac108194edb75b620dfe1f25e54e2b70b941cb2e2aa28dc2397256796f97ae27d72e6ef20ab5cce
- SSDEEP
  
  6144:2GvtXLe2pK+6lTgqxI1/sHymR1b28+hmndP:289q20+KT74eN1bj
Score

10^/10

redline logsdiller cloud (tg: @logsdillabot)infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinelogsdiller cloud (tg: @logsdillabot)infostealerspywarestealer