redline | 2040517dac0b553d4a589bb8c14ca4329022e0ce5e5d0ef0f2c08a2deb10fb5b | Triage

Submit
Reports

Overview

overview

Static

static

Installer.exe

windows7_x64

Installer.exe

windows10_x64

Sharing

General

Target

Installer.exe
Size

1.6MB
Sample

210730-hfr5fnesaa
MD5

8a1995805ad65999ec546a1074ac9887
SHA1

11d5589ca5ebb127ea57b89ee5da89e0b64fa4c6
SHA256

2040517dac0b553d4a589bb8c14ca4329022e0ce5e5d0ef0f2c08a2deb10fb5b
SHA512

cad4e187956e4db24d291ea725caf89439440eb97ebe9fa76438b76ada66ecc01a4143bf688c6506ec5148c79338e7f581305d2cb8ad17552c558c62706ae777

Score

10^/10

redline mastif discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Installer.exe

Resource

win7v20210408

redline mastif discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Installer.exe

Resource

win10v20210408

redline mastif discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

mastif

C2

91.121.146.23:9519

Targets

- Target
  
  Installer.exe
- Size
  
  1.6MB
- MD5
  
  8a1995805ad65999ec546a1074ac9887
- SHA1
  
  11d5589ca5ebb127ea57b89ee5da89e0b64fa4c6
- SHA256
  
  2040517dac0b553d4a589bb8c14ca4329022e0ce5e5d0ef0f2c08a2deb10fb5b
- SHA512
  
  cad4e187956e4db24d291ea725caf89439440eb97ebe9fa76438b76ada66ecc01a4143bf688c6506ec5148c79338e7f581305d2cb8ad17552c558c62706ae777
Score

10^/10

redline mastif discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinemastifdiscoveryinfostealerspywarestealer

behavioral2

redlinemastifdiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy