General
Target: ezXcheat X v2.41c.exe
Size: 41KB
Sample: 211014-z56z6sbaer
MD5: 6055435901bfb5bd45d0e89fafe04072
SHA1: 03be74c1818c33d25cc12e8437a226caa446e935
SHA256: 0c8765b5df84c97314dd2cbf298204b133d73d2a961502463cfbf04e83e1ffa1
SHA512: 6548398fc089b23b3713c641e37ae9ab66665c4aeeb5ec3eb9cedee2d05e179b2328da36292e181e9cf5d1a3fabbc27be516f0883baff97b52bcd8b6f42baa14
Static task: static1
Behavioral task: behavioral1
Sample: ezXcheat X v2.41c.exe
Resource: win7-en-20211014
Malware Config
Extracted
redline
@obamaklan1
164.132.72.186:18717
Targets
- Modifies security service
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- XMRig Miner Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Windows Firewall
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Drops startup file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext