General
Target: Sirus_Pass_123 (2).zip
Size: 1.2MB
Sample: 210416-paxw8rpshx
MD5: 48c9c6b7257b81c4b58f98d845209d5f
SHA1: 8e4f6c146779bc72af5391f7e50d721cc3a986f2
SHA256: bafa6f042552c18bf66ad5aa9243cdea3e09e050bbefa354b67802866eb8d19f
SHA512: 90424fe4972efa9352b0d659f0f7b0eec65d05908ed60015d789d05f68928dc5cbcd7c56032bdd81788697d37c6a941122c26ab5d519bdae59a8d6b285d35aa3

Behavioral task: behavioral1
Sample: Sirus.exe
Resource: win10v20210408

Behavioral task: behavioral2
Sample: Sirus.exe
Resource: win10v20210408

Malware Config
Extracted: raccoon
1a329a10c40d1d7de968ac01620072546be15062
url4cnc: https://tttttt.me/jrrand0mer

Targets
Target: Sirus.exe
Size: 1.7MB
MD5: d3752c9e4466ffa7dcf4b5a065e9c274
SHA1: 997d4d61d1691862f8aab10b94c9d654f2a65e3e
SHA256: f6598f853f981a4bcb58922d3584833086de09b9a7a6f368ca56cda7677f8126
SHA512: de0a9708836266b2ac06077ace01bc0d8cac53d94efcdf14e337f0bd29b7f985cf03465a5c6d7df1a8e2065a69bcb33f7f3aa0845a26be67e6a66852ef1a9f23

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Executes dropped EXE

Loads dropped DLL

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Legitimate hosting services abused for malware hosting/C2

Suspicious use of SetThreadContext