Overview

overview

10

Static

static

Chron.exe

windows7-x64

3

Chron.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Chron.exe

  • Size

    490KB

  • Sample

    221018-1wq32adhe6

  • MD5

    f87135178fe6abd26406c9a9d026894a

  • SHA1

    dfcea258c1e56097601f7a5e7fb4e4f9a6aec3eb

  • SHA256

    4905ecda46a5a03e0d6c5a8144ec47063109fc2eb5fbb5e06722080e63eb7394

  • SHA512

    885ec3c0a56ec5247579f85ae83d909c43264c4466dfeab24bb7d2d388f1a3f2abce0136303726384c2c91b2a398d84e8ec09c21ef81c70e74157d21f9c7b251

  • SSDEEP

    6144:FLXU3QBk29LvIY28arOtXNt25Qd9lxtPoCFbfgKrcwny2BHaxK7:5U3yu9WQQT9oCFKwn7B6i

Score
10/10
redlineytstealercrypt_mastif_v1infostealerspywarestealerupx

Malware Config

Extracted

Family

redline

Botnet

Crypt_Mastif_V1

C2

194.36.177.60:81

Attributes
  • auth_value

    140a3d1ac14114893f898a1e7e4ba24f

Targets

    • Target

      Chron.exe

    • Size

      490KB

    • MD5

      f87135178fe6abd26406c9a9d026894a

    • SHA1

      dfcea258c1e56097601f7a5e7fb4e4f9a6aec3eb

    • SHA256

      4905ecda46a5a03e0d6c5a8144ec47063109fc2eb5fbb5e06722080e63eb7394

    • SHA512

      885ec3c0a56ec5247579f85ae83d909c43264c4466dfeab24bb7d2d388f1a3f2abce0136303726384c2c91b2a398d84e8ec09c21ef81c70e74157d21f9c7b251

    • SSDEEP

      6144:FLXU3QBk29LvIY28arOtXNt25Qd9lxtPoCFbfgKrcwny2BHaxK7:5U3yu9WQQT9oCFKwn7B6i

    Score
    10/10
    redlineytstealercrypt_mastif_v1infostealerspywarestealerupx

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • YTStealer

      YTStealer is a malware designed to steal YouTube authentication cookies.

      stealerytstealer

    • YTStealer payload

    • Downloads MZ/PE file

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks