redline | ff75a4f5148614f8c1ef4c86f8d0febf4a1ac1e8d34bb51bb14d5e4fef28cc2d | Triage

Submit
Reports

Overview

overview

Static

static

ef84d3be_N...u1.exe

windows7_x64

ef84d3be_N...u1.exe

windows10_x64

Sharing

General

Target

ef84d3be_N468biLDu1
Size

104KB
Sample

210910-fpfy9scdbr
MD5

ef84d3be5dceecc53116942e3d1e3bc1
SHA1

4fef8e0a14cb2e80f796fc34e1db65c3d061859f
SHA256

ff75a4f5148614f8c1ef4c86f8d0febf4a1ac1e8d34bb51bb14d5e4fef28cc2d
SHA512

feb064f9b579a10899d61fde1f68b50e22069bee535f898c435aca52be317cf11f4f0019c86b4f6fa3350bd5b312f2f7e6740357102e8317b42256706c43ff32

Score

10^/10

redline xmrig @lopikskk discovery miner spyware stealer

Static task

static1

@lopikskk redline

Behavioral task

behavioral1

Sample

ef84d3be_N468biLDu1.exe

Resource

win7-en

xmrig discovery miner spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

ef84d3be_N468biLDu1.exe

Resource

win10v20210408

xmrig discovery miner spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

@lopikskk

C2

45.137.190.170:19896

Targets

- Target
  
  ef84d3be_N468biLDu1
- Size
  
  104KB
- MD5
  
  ef84d3be5dceecc53116942e3d1e3bc1
- SHA1
  
  4fef8e0a14cb2e80f796fc34e1db65c3d061859f
- SHA256
  
  ff75a4f5148614f8c1ef4c86f8d0febf4a1ac1e8d34bb51bb14d5e4fef28cc2d
- SHA512
  
  feb064f9b579a10899d61fde1f68b50e22069bee535f898c435aca52be317cf11f4f0019c86b4f6fa3350bd5b312f2f7e6740357102e8317b42256706c43ff32
Score

10^/10

xmrig discovery miner spyware stealer
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

@lopikskkredline

behavioral1

xmrigdiscoveryminerspywarestealer

behavioral2

xmrigdiscoveryminerspywarestealer

© 2018-2024

Terms | Privacy