Overview
General
- Target: Sirus.exe
- Size: 2.2MB
- Sample: 210415-8m598bvl3n
- MD5: 196ff748cced551629a1683e3d9d9b37
- SHA1: a7382072a4729771dec5b10bcf2d4895da444176
- SHA256: ae841b1c3d0c1a0e490c21d6e373e75d0b66c63f88431b6e89f3d58e434abc91
- SHA512: 43c7dd0bb352ee970dc670fb517a388af52d39352c8d4bfc5ed23a135b311c9a7d18c8b98a9e01c0a955a5d42920f4c7cb41b74167041fe7c2632c5730f80861
Static task: static1

Behavioral tasks (sample Sirus.exe in every case; resource is the sandbox image used):
- behavioral1: win10v20210410
- behavioral2: win10v20210408
- behavioral3: win10v20210410
- behavioral4: win10v20210408
- behavioral5: win7v20210410
- behavioral6: win10v20210408
- behavioral7: win10v20210410
- behavioral8: win10v20210410
- behavioral9: win10v20210408
- behavioral10: win10v20210410
- behavioral11: win10v20210408
- behavioral12: win10v20210410
Malware Config
- Extracted: raccoon
- 1a329a10c40d1d7de968ac01620072546be15062
- url4cnc: https://tttttt.me/jrrand0mer
Targets
- Target: Sirus.exe
- Size: 2.2MB (MD5, SHA1, SHA256 and SHA512 as listed under General above)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext