redline | 74e150367f59cc92a48c8725120865c7b94312981a09d981760431da4485ed50 | Triage

Sharing

General

Target

hotel-requirements.pdf28.zip
Size

66.0MB
Sample

230622-v1tf3aha7t
MD5

24f925917a8b254db098bcf6de37d7a4
SHA1

ce4367516564c72352c7b8528e2e193d310baaac
SHA256

74e150367f59cc92a48c8725120865c7b94312981a09d981760431da4485ed50
SHA512

06c6d0bb8eb9d3b1f0b409ddf5682590700cafab0a539c939878dddfd42e77306d2b674313beac6f6cf7d05327b4332a4cb09253e45c09af59cb1d97245eb5be
SSDEEP

1572864:4TLP/2cmeM+vFdLDsNMcqrGPxW5kCtnETLcvAq9FN9ZSbUI/BF:4ThmdedXws5kCZEl+FN9KUIpF

Score

10^/10

redline mastif infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

Mastif

C2

78.47.242.225:15635

Attributes

auth_value
32b21fb55370c8e21f0f75577471534e

Targets

- Target
  
  hotel-requirements.pdf/hotel-requirements.pdf.scr
- Size
  
  564.4MB
- MD5
  
  7faa29f9a965143cf67f27c1455111c1
- SHA1
  
  f5c34c4399c2fca31c6ac05e14a566374c6732a9
- SHA256
  
  a06612c8c0ff60c840da39e7d8571e949716bdec4c4a6582fdaae25216907fbe
- SHA512
  
  2caffe5412262a291fa76a5887ccff316b3983a675a16d97c4dcde087ae3d3ccdb9685f66dbc999d1ade1888d6df45d015e1dd9bc0d396a2abf8761949bf3dd6
- SSDEEP
  
  786432:MA5OgdnGFPsX2YiMiqN7z5EYUj4Vtpe9oA4Jxo88nvcVkf/2npG4U:M4d2oiU7z5EZMre9GJxo8q0Vkf8a
Score

10^/10

redline mastif infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

redlinemastifinfostealerspyware