Overview

overview

10

Static

static

ChromiumUp...er.iso

windows7-x64

3

ChromiumUp...er.iso

windows10-2004-x64

3

ChromiumUp...er.exe

windows7-x64

10

ChromiumUp...er.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    ChromiumUpdate (1).zip

  • Size

    2.4MB

  • Sample

    230104-y12n8ahe92

  • MD5

    4907d04829cc8f7b394077575d760cf3

  • SHA1

    9d310f32383152fe5b7e5ab8e9d7c79580a5ee00

  • SHA256

    d5dbca59c974672951a8af8b9f2aff4e2a9bd5121f62d1b4fcd75b4dae57242c

  • SHA512

    dd6a19c315f890b16ebcc14d7471ef8ee7a4385319466ccd3a32916b2d9a2bc9e8c3a1f2a59320e92aec1ce68f6bdaf427694d6acb1f8674e861b3e17ddfa8b2

  • SSDEEP

    49152:RvK9OM7KNn68K4wjTLn53lRnLpG8NiInhMU7CPftm:JK9YA870TdBlx7z

Score
10/10
redlinechromiumtest2discoveryevasioninfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

Chromiumtest2

C2

81.19.141.97:6257

Attributes
  • auth_value

    0da7df7b16f50445a027d0c932929d58

Targets

    • Target

      ChromiumUpdateDriver.iso

    • Size

      750.1MB

    • MD5

      4600cc67534d354dc5ab08236ee7113d

    • SHA1

      31416de1deb13e80b3175bd9a37d87af1680d20a

    • SHA256

      97d4a95bf26522e4966635d429f9ee337292ee6538e3c7f69a66c37b01776d05

    • SHA512

      67027b991f758a8d783421cf2f54a25eb5da9ebe7f5c7cdaafbeee8153a835bbd7249f24f173d226f02c817cb2d3d9e2deeeabe971f21a280ae7952ae7856a28

    • SSDEEP

      49152:himed8uFB0yNksAZFiFymR5vkbyJMrLjJxmO/qCPcc:gmc8uFBnN5IFiMcavPg

    Score
    3/10
    behavioral1behavioral2

    • Target

      ChromiumUpdateDriver.exe

    • Size

      750.0MB

    • MD5

      16a50ff5dce012b3ab124287cf37e94e

    • SHA1

      d08cfdb1603d03605536f49e1a6da0027f8d400b

    • SHA256

      2cb36751860cf91ba6851f0b6df29f25e6d018c337116f37b2a67ea37692b207

    • SHA512

      24a24d0dd1459d0603d70e7c725030a16c8e8fb880b158039ba250ce1c073257e5341b0986ff5399fdb505b8326f3bc6cba099460296f860d2a320e4c0ecd8a9

    • SSDEEP

      49152:Oimed8uFB0yNksAZFiFymR5vkbyJMrLjJxmO/qCPcc:Tmc8uFBnN5IFiMcavPg

    Score
    10/10
    redlinechromiumtest2discoveryevasioninfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral3behavioral4

MITRE ATT&CK Enterprise v6

Tasks