General

  • Target

    FAD165B5BA7DDB0389733F6B979EAE3E.exe

  • Size

    2.4MB

  • Sample

    210504-571t57hjj6

  • MD5

    fad165b5ba7ddb0389733f6b979eae3e

  • SHA1

    e3641696b0cb2137501ad51501225ee79757ba2b

  • SHA256

    328c5eb8908b83c474ab4ab892ac1c2cae066f1f55dbcd15d850b54cc0f4c3cc

  • SHA512

    621ba451d47acb409ce309322236ce53c4dd514a40ece5cb3beaf509ce9241bf410e792efea2d2435d7fb0c87b2ee3c649f9a8274e0e852b534e1263954a95fc

Malware Config (extracted)

  • Family

    redline

  • Botnet

    @Osix7

  • C2

    briaseynan.xyz:80

Targets

    • Target

      FAD165B5BA7DDB0389733F6B979EAE3E.exe

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner Payload

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution: Scheduled Task, T1053 (1)

  • Persistence: Scheduled Task, T1053 (1)

  • Privilege Escalation: Scheduled Task, T1053 (1)

  • Credential Access: Credentials in Files, T1081 (1)

  • Discovery: System Information Discovery, T1082 (1)

  • Collection: Data from Local System, T1005 (1)

Tasks