General

  • Target

    e971fc3aab6935b363417b1bb9c40f8c77ae1582880749de6c6ef50e66836a17

  • Size

    312KB

  • Sample

    230816-yflr9sfd8t

  • MD5

    96950ce2ba9e4ea985b7abd4e8f279f5

  • SHA1

    78c7a10fecee73068062d506cdf993e4b9131260

  • SHA256

    e971fc3aab6935b363417b1bb9c40f8c77ae1582880749de6c6ef50e66836a17

  • SHA512

    07eec941984d6f8b8ebe19275ccaae21727b02bb8062486a05e1a0d2eec4614afa05632aa7d5e075d0a23e671dfde51f1acc59647586d055da237e9531901a5c

  • SSDEEP

    3072:RBXdZiuFHvULXNvqcUgnQXf/sjb8A2L6MWNTJskiPvvD2EcxCNGV6o8M4sPSUaYU:jdJULdvZTnlQA2TKRiHvjo8Ts3A6o

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

51.83.170.21:19447

Attributes
  • auth_value

    3a050df92d0cf082b2cdaf87863616be

Targets

    • Target

      e971fc3aab6935b363417b1bb9c40f8c77ae1582880749de6c6ef50e66836a17

    • Size

      312KB

    • MD5

      96950ce2ba9e4ea985b7abd4e8f279f5

    • SHA1

      78c7a10fecee73068062d506cdf993e4b9131260

    • SHA256

      e971fc3aab6935b363417b1bb9c40f8c77ae1582880749de6c6ef50e66836a17

    • SHA512

      07eec941984d6f8b8ebe19275ccaae21727b02bb8062486a05e1a0d2eec4614afa05632aa7d5e075d0a23e671dfde51f1acc59647586d055da237e9531901a5c

    • SSDEEP

      3072:RBXdZiuFHvULXNvqcUgnQXf/sjb8A2L6MWNTJskiPvvD2EcxCNGV6o8M4sPSUaYU:jdJULdvZTnlQA2TKRiHvjo8Ts3A6o

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

MITRE ATT&CK Enterprise v15

Tasks