General

  • Target

    5826925d9b75ce6cc313b094ab0ceb79f9b6b94b85c9a27b060af89e59b7e4d4

  • Size

    341KB

  • Sample

    230817-fegstafc66

  • MD5

    abe8a5ea6ecff485571accbdc83b8e30

  • SHA1

    8c2f21dd5908f0711b9e54c7b2f51ffa948dc8f9

  • SHA256

    5826925d9b75ce6cc313b094ab0ceb79f9b6b94b85c9a27b060af89e59b7e4d4

  • SHA512

    7c7b9974548a5cd11a7be5ed6d18905f7817c93b88de7e0ba811e4da0e87843b76d5a04d4e7f84a1717a1d9060f4b7b0723b70ae6d2d3d4939c72d2bf2a520a4

  • SSDEEP

    6144:cz7LnLdy67P+jLRDIcKIz0V67mFkfAFA79lR:cznxy67P+jLRMIF7m6oi9/

Malware Config

Extracted

  • Family

    redline

  • Botnet

    LogsDiller Cloud (TG: @logsdillabot)

  • C2

    51.83.170.21:19447

  • Attributes

    • auth_value

      3a050df92d0cf082b2cdaf87863616be

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting
