General
Target: Sirus_Pass_123 (3).zip
Size: 1.2MB
Sample: 210416-1e24gcen4e
MD5: 6c8235bc496a608c7e0297589bb0e2be
SHA1: fc2f55aca728a977bd0056f9cb510bac16c4f1dd
SHA256: 2264cff0e7eb20b0f710c0b7b686be46829f437233c240fde4da4096f90090fa
SHA512: 5ff132ff46f00d0b97685399a606f14df4278afd2c82f17b23a4fb1dfcb7ab87c2100cadaf06b4c5a09b0753c02c35afca50b89b4f5398efc402121249e4bf97
Behavioral task: behavioral1
Sample: Sirus.exe
Resource: win10v20210410

Behavioral task: behavioral2
Sample: Sirus.exe
Resource: win10v20210408
Malware Config
Extracted: raccoon
1a329a10c40d1d7de968ac01620072546be15062
url4cnc: https://tttttt.me/jrrand0mer
Targets
Target: Sirus.exe
Size: 1.7MB
MD5: d3752c9e4466ffa7dcf4b5a065e9c274
SHA1: 997d4d61d1691862f8aab10b94c9d654f2a65e3e
SHA256: f6598f853f981a4bcb58922d3584833086de09b9a7a6f368ca56cda7677f8126
SHA512: de0a9708836266b2ac06077ace01bc0d8cac53d94efcdf14e337f0bd29b7f985cf03465a5c6d7df1a8e2065a69bcb33f7f3aa0845a26be67e6a66852ef1a9f23

Signatures
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext