General
- Target: Sirus_Pass_123 (2).zip
- Size: 1.9MB
- Sample: 210413-6k258rzpb2
- MD5: 5191b13650bb95a29a55b687aad0a350
- SHA1: c54af313db7f1b741ce0c4ccb4aeae81f25ee74d
- SHA256: f50d40631a2b8ced9e48e69287dd4ba52fc74022d381f7518df6df2f32a113c9
- SHA512: b082a4ebb9e6b451d438174c78298b688db078546df0de6e3d6de9b9dc8acc77d89b22e4768829219786fb450cac4afe4087a66af9e98e81c06c2ce6b31fa1cd
Static task: static1
Behavioral task: behavioral1 (Sample: Sirus.exe, Resource: win10v20210410)
Behavioral task: behavioral2 (Sample: Sirus.exe, Resource: win10v20210408)
Behavioral task: behavioral3 (Sample: Sirus.exe, Resource: win10v20210410)
Behavioral task: behavioral4 (Sample: Sirus.exe, Resource: win10v20210408)
Behavioral task: behavioral5 (Sample: Sirus.exe, Resource: win7v20210410)
Behavioral task: behavioral6 (Sample: Sirus.exe, Resource: win10v20210408)
Malware Config
Extracted: raccoon
1a329a10c40d1d7de968ac01620072546be15062
- url4cnc: https://tttttt.me/jrrand0mer
Targets
- Target: Sirus.exe
- Size: 2.2MB
- MD5: 196ff748cced551629a1683e3d9d9b37
- SHA1: a7382072a4729771dec5b10bcf2d4895da444176
- SHA256: ae841b1c3d0c1a0e490c21d6e373e75d0b66c63f88431b6e89f3d58e434abc91
- SHA512: 43c7dd0bb352ee970dc670fb517a388af52d39352c8d4bfc5ed23a135b311c9a7d18c8b98a9e01c0a955a5d42920f4c7cb41b74167041fe7c2632c5730f80861
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext