redline | a9a907994d59fc53b990a0b933417d3601aa2a92da077177e09e0adc3b919351 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

a9a907994d59fc53b990a0b933417d3601aa2a92da077177e09e0adc3b919351
Size

234KB
Sample

210821-9y8scjtz7n
MD5

c32710820e0c9fccc1234fe6e7d7f1fb
SHA1

80c54657f5571f2e8f20792c45d7848e1f1e4f78
SHA256

a9a907994d59fc53b990a0b933417d3601aa2a92da077177e09e0adc3b919351
SHA512

3023dd2082a369edcc0cee0065f38b639de13351dfb6a32e497f52e99d7b22ce18e067076dc5bb996617f21c178579b5b15c157ad1572bd5c6d42fecf7809222

Score

10^/10

redline xmrig 3 discovery infostealer miner persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

a9a907994d59fc53b990a0b933417d3601aa2a92da077177e09e0adc3b919351.exe

Resource

win10v20210408

redline xmrig 3 discovery infostealer miner persistence spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

3

C2

deyrolorme.xyz:80

xariebelal.xyz:80

anihelardd.xyz:80

Targets

- Target
  
  a9a907994d59fc53b990a0b933417d3601aa2a92da077177e09e0adc3b919351
- Size
  
  234KB
- MD5
  
  c32710820e0c9fccc1234fe6e7d7f1fb
- SHA1
  
  80c54657f5571f2e8f20792c45d7848e1f1e4f78
- SHA256
  
  a9a907994d59fc53b990a0b933417d3601aa2a92da077177e09e0adc3b919351
- SHA512
  
  3023dd2082a369edcc0cee0065f38b639de13351dfb6a32e497f52e99d7b22ce18e067076dc5bb996617f21c178579b5b15c157ad1572bd5c6d42fecf7809222
Score

10^/10

redline xmrig 3 discovery infostealer miner persistence spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner Payload
  miner
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Web Service

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

redlinexmrig3discoveryinfostealerminerpersistencespywarestealer

© 2018-2024

Terms | Privacy