redline | 2d241ce3d2981c29545a11c13ec0ecd7e021759d35dea0c762bb0c63bb1b555d | Triage

Submit
Reports

Overview

overview

Static

static

chrom.exe

windows7-x64

chrom.exe

windows10-2004-x64

Sharing

General

Target

chrom.exe
Size

3.9MB
Sample

221003-e8vfbsgce6
MD5

d60909eb4d445d948740877e759b7b83
SHA1

dc8a672358fa25efbcefb5e4074aab7acdb413a6
SHA256

2d241ce3d2981c29545a11c13ec0ecd7e021759d35dea0c762bb0c63bb1b555d
SHA512

d10292ff78b4e14569d8b96170d0da905b1beb45a1bd76ff7fe7d43b5b72ef079bae7ce68c01759f46b5fb4fc60d367c1cc78fbc676b3adca947f45f58c18242
SSDEEP

98304:FvJ7zh1f+X5wDg+kkq/0j+TdWRRsuwaxhYDU4PQv2Vph2XpR:RPl+XWkkqMaTdWb0aDv2VpC

Score

10^/10

redline crypt_mastif discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

chrom.exe

Resource

win7-20220901-en

redline crypt_mastif discovery infostealer spyware stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

chrom.exe

Resource

win10v2004-20220901-en

redline crypt_mastif discovery infostealer spyware stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

Crypt_Mastif

C2

194.36.177.60:81

Attributes

auth_value
26018289184445b16046125f5e616df6

Targets

- Target
  
  chrom.exe
- Size
  
  3.9MB
- MD5
  
  d60909eb4d445d948740877e759b7b83
- SHA1
  
  dc8a672358fa25efbcefb5e4074aab7acdb413a6
- SHA256
  
  2d241ce3d2981c29545a11c13ec0ecd7e021759d35dea0c762bb0c63bb1b555d
- SHA512
  
  d10292ff78b4e14569d8b96170d0da905b1beb45a1bd76ff7fe7d43b5b72ef079bae7ce68c01759f46b5fb4fc60d367c1cc78fbc676b3adca947f45f58c18242
- SSDEEP
  
  98304:FvJ7zh1f+X5wDg+kkq/0j+TdWRRsuwaxhYDU4PQv2Vph2XpR:RPl+XWkkqMaTdWb0aDv2VpC
Score

10^/10

redline crypt_mastif discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinecrypt_mastifdiscoveryinfostealerspywarestealer

behavioral2

redlinecrypt_mastifdiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy