General

  • Target

    5f1825aacf117c825570856af2eb1fc17989f693470d0d9cde4b4427a8b4f7cf

  • Size

    311KB

  • Sample

    230816-vzexaaec7x

  • MD5

    6be779d65301255549dc60f76bc47b99

  • SHA1

    f0d0f5e4e1243eca251ed53586b40125e62585f5

  • SHA256

    5f1825aacf117c825570856af2eb1fc17989f693470d0d9cde4b4427a8b4f7cf

  • SHA512

    101c8cba819f9e6eced64f13d13537dfe8b2d82e9f7da5a104c796792c9cb9f51592d052282f4653e75c5b3fa58486028dce6c5191315cde2160b6eea5581fcc

  • SSDEEP

    6144:8y8bmLbFavdRLr0YCIPOCfi9l1tC0kDxOrmypc:8hmnF8EYCImlvLuxOr3

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

51.83.170.21:19447

Attributes
  • auth_value

    3a050df92d0cf082b2cdaf87863616be

Targets

    • Target

      5f1825aacf117c825570856af2eb1fc17989f693470d0d9cde4b4427a8b4f7cf

    • Size

      311KB

    • MD5

      6be779d65301255549dc60f76bc47b99

    • SHA1

      f0d0f5e4e1243eca251ed53586b40125e62585f5

    • SHA256

      5f1825aacf117c825570856af2eb1fc17989f693470d0d9cde4b4427a8b4f7cf

    • SHA512

      101c8cba819f9e6eced64f13d13537dfe8b2d82e9f7da5a104c796792c9cb9f51592d052282f4653e75c5b3fa58486028dce6c5191315cde2160b6eea5581fcc

    • SSDEEP

      6144:8y8bmLbFavdRLr0YCIPOCfi9l1tC0kDxOrmypc:8hmnF8EYCImlvLuxOr3

    • RedLine

      RedLine Stealer is a .NET (C#) information stealer first observed in early 2020 and sold as a service. It collects saved browser credentials, cookies, cryptocurrency wallet files and host information and uploads them to a configured C2; the extracted config above (family, botnet ID, C2 address and auth_value) is what the sample uses for that upload.

    • Reads user/profile data of web browsers

      Infostealers typically read the browser profile databases on disk (Chromium "Login Data", "Web Data" and "Cookies"; Firefox "logins.json" and "key4.db"), which hold saved credentials, cookies, session tokens and autofill data. A non-browser process opening these files is a strong indicator on its own.

    • Accesses cryptocurrency files/wallets, possible credential harvesting
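
The indicators in this report (sample hashes, the C2 address and port) and the two behavioural signatures above can be turned into a small hunting check. The following is an added example, not part of the sandbox report or of the RedLine codebase. The telemetry line format, the browser credential-store file names, and the browser process names are assumptions made for the example; only the hashes and the C2 address are taken from the report. The log lines are constructed for illustration.

```python
"""Hunt for the RedLine indicators and behaviours described in the report above.

Added example; not part of the sandbox report. The pipe-delimited telemetry
format below is an assumption (not a real product's schema):
    <event>|<pid>|<image>|<payload>
  procstart payload = file hash, netconn payload = dst_ip:dst_port,
  fileopen  payload = path opened by the process.
"""
import hashlib
from dataclasses import dataclass
from typing import List, Optional, Tuple

# --- indicators taken from the report ---------------------------------------
C2_HOST, C2_PORT = "51.83.170.21", 19447
SAMPLE_MD5 = "6be779d65301255549dc60f76bc47b99"
SAMPLE_SHA1 = "f0d0f5e4e1243eca251ed53586b40125e62585f5"
SAMPLE_SHA256 = "5f1825aacf117c825570856af2eb1fc17989f693470d0d9cde4b4427a8b4f7cf"
KNOWN_HASHES = {SAMPLE_MD5, SAMPLE_SHA1, SAMPLE_SHA256}

# --- assumptions for the behavioural rules ----------------------------------
# Browser credential stores an infostealer reads (Chromium and Firefox names).
BROWSER_CRED_FILES = {"Login Data", "Web Data", "Cookies", "logins.json", "key4.db"}
# Processes that legitimately open those files.
BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "brave.exe", "firefox.exe"}


@dataclass(frozen=True)
class Alert:
    rule: str
    line_no: int
    detail: str


def hash_matches(data: bytes) -> bool:
    """True if a file's bytes hash to any of the sample hashes in the report."""
    digests = {hashlib.md5(data).hexdigest(),
               hashlib.sha1(data).hexdigest(),
               hashlib.sha256(data).hexdigest()}
    return bool(digests & KNOWN_HASHES)


def parse_line(line: str) -> Optional[Tuple[str, int, str, str]]:
    parts = line.rstrip("\n").split("|", 3)
    if len(parts) != 4 or not parts[1].isdigit():
        return None
    event, pid, image, payload = parts
    return event, int(pid), image, payload


def scan(log_text: str) -> List[Alert]:
    """Apply the hash, C2 and browser-credential-store rules to telemetry."""
    alerts: List[Alert] = []
    for n, line in enumerate(log_text.splitlines(), 1):
        rec = parse_line(line)
        if rec is None:
            continue
        event, pid, image, payload = rec
        image_name = image.rsplit("\\", 1)[-1].lower()

        if event == "procstart" and payload.lower() in KNOWN_HASHES:
            alerts.append(Alert("redline_sample_hash", n, f"pid {pid} {image} hash {payload}"))

        elif event == "netconn":
            host, _, port = payload.rpartition(":")
            if host == C2_HOST:
                # Exact ip:port from the config is high confidence; the same
                # host on another port is still worth a look (shared/rotated C2).
                rule = "redline_c2_exact" if port == str(C2_PORT) else "redline_c2_host"
                alerts.append(Alert(rule, n, f"pid {pid} {image} -> {payload}"))

        elif event == "fileopen":
            file_name = payload.rsplit("\\", 1)[-1]
            # The browser reading its own profile is normal; anything else is not.
            if file_name in BROWSER_CRED_FILES and image_name not in BROWSER_IMAGES:
                alerts.append(Alert("browser_cred_store_read", n, f"pid {pid} {image} read {payload}"))
    return alerts


# Constructed telemetry for the example (not real host data).
SAMPLE_LOG = """\
procstart|4120|C:\\Users\\bob\\AppData\\Local\\Temp\\invoice.exe|5f1825aacf117c825570856af2eb1fc17989f693470d0d9cde4b4427a8b4f7cf
fileopen|4120|C:\\Users\\bob\\AppData\\Local\\Temp\\invoice.exe|C:\\Users\\bob\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data
netconn|4120|C:\\Users\\bob\\AppData\\Local\\Temp\\invoice.exe|51.83.170.21:19447
fileopen|880|C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe|C:\\Users\\bob\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data
netconn|2212|C:\\Windows\\System32\\svchost.exe|51.83.170.21:443
"""

if __name__ == "__main__":
    for a in scan(SAMPLE_LOG):
        print(f"line {a.line_no}: {a.rule}: {a.detail}")
```

Three of the five constructed lines fire (hash match, non-browser read of "Login Data", exact C2 connection); the browser's own read of its profile is ignored, and the svchost.exe connection to the C2 host on another port is reported at lower confidence. Only the hash rule is tied to this exact file; the C2 and credential-store rules also catch repacked builds that use the same configuration.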

MITRE ATT&CK Enterprise v15

Tasks