General

  • Target

    9d188ed93cc10d4cc5c0b22dcecf53b41bb5ab58fcb57ea23a606c72994bb304

  • Size

    341KB

  • Sample

    230817-lmj6ssad21

  • MD5

    eac8a85614bd34628d409122c84471fd

  • SHA1

    5f6ca38f17b9063e2f65924e4ccf15f0979738d9

  • SHA256

    9d188ed93cc10d4cc5c0b22dcecf53b41bb5ab58fcb57ea23a606c72994bb304

  • SHA512

    56e7a9fc768366b8470dde03bf44d53831e55e1675dbfc4a7112f05018052947bf0be7c05a1685ea14f761341a45de2308712cd699d34e6f8915a765602bf0eb

  • SSDEEP

    6144:9z7LnLdy67Hih8hwTSE5TMJYGgkkgB0QiItzcsmvCci:9znxy67c8hk2+eeItDmvCX

Malware Config

Extracted

  • Family

    redline

  • Botnet

    LogsDiller Cloud (TG: @logsdillabot)

  • C2

    51.83.170.21:19447

  • Attributes

    • auth_value

      3a050df92d0cf082b2cdaf87863616be

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

MITRE ATT&CK Enterprise v15

Tasks