Overview

overview

10

Static

static

3

ground.exe

windows7-x64

1

ground.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    ground.exe

  • Size

    263KB

  • Sample

    230823-r9dkescg88

  • MD5

    e51b95dc4715e4d974666531bb10f31a

  • SHA1

    7dc83cc5104d626c58b1f7f98e41126acfb6aade

  • SHA256

    a341d8f1aef7b96d07b359b03af30947947813291a98ad5990d7ebd4c3e97f6b

  • SHA512

    b8309f5f4a24f2459365e5cfd8fb020760478680dcaa8bafd6126ed230b393b9d220c9f5e2281b8691de7474bb880c22e342e01e832c7279a146f89d7b17f5e2

  • SSDEEP

    6144:fg/TeGnpOGadbuh2tuQrUoCcYV3A/HZPlf:I/CGnpXadbcQowYtK9

Score
10/10
redlinemastif cryptinfostealer

Malware Config

Extracted

Family

redline

Botnet

mastif crypt

C2

194.50.153.159:82

Attributes
  • auth_value

    356025fc1151d228a566b2d68047fb2e

Targets

    • Target

      ground.exe

    • Size

      263KB

    • MD5

      e51b95dc4715e4d974666531bb10f31a

    • SHA1

      7dc83cc5104d626c58b1f7f98e41126acfb6aade

    • SHA256

      a341d8f1aef7b96d07b359b03af30947947813291a98ad5990d7ebd4c3e97f6b

    • SHA512

      b8309f5f4a24f2459365e5cfd8fb020760478680dcaa8bafd6126ed230b393b9d220c9f5e2281b8691de7474bb880c22e342e01e832c7279a146f89d7b17f5e2

    • SSDEEP

      6144:fg/TeGnpOGadbuh2tuQrUoCcYV3A/HZPlf:I/CGnpXadbcQowYtK9

    Score
    10/10
    redlinemastif cryptinfostealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Blocklisted process makes network request

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks