General

  • Target

    696b6607853c35bf80ba50b4784cf28234686f6152750c5ed42c6596ea3f8775

  • Size

    340KB

  • Sample

    230817-l58bcaad9t

  • MD5

    ea574dde100b38b040b422c37ef6814b

  • SHA1

    e29a978f7c4c225d37ddc87a2a0ba82d23eb99ba

  • SHA256

    696b6607853c35bf80ba50b4784cf28234686f6152750c5ed42c6596ea3f8775

  • SHA512

    b1f0d8aa87c364485fa86fe88c50d982300627f2c354280c29e3ad9a0eda6d39550e3699ad132fc67533ee56984b0ff567694e4fe7ec6d287e72b03e80428697

  • SSDEEP

    6144:37enmv0Vl/GA0cegen5xpLdP8D9zJLx9o1FXOFHBCi:37Ck0VVGAHQ5fd8DPl9EFqHBx

Malware Config

Extracted

  • Family

    redline

  • Botnet

    LogsDiller Cloud (TG: @logsdillabot)

  • C2

    51.83.170.21:19447

  • Attributes

    auth_value: 3a050df92d0cf082b2cdaf87863616be

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

MITRE ATT&CK Enterprise v15