redline | cc005ad9ad8411fda8398597954ce4f4210c978367f996e05ce01bba2833986c | Triage

Submit
Reports

Overview

overview

Static

static

install.exe

windows7_x64

install.exe

windows10_x64

Sharing

General

Target

install.exe
Size

355KB
Sample

211014-zzfk2abaen
MD5

fef580216c9fc6f662f11ad6c8dbd7eb
SHA1

37a18d20313a05c987e9c2081994c6365c17624d
SHA256

cc005ad9ad8411fda8398597954ce4f4210c978367f996e05ce01bba2833986c
SHA512

1280a3daf15ee604de3a8b80399436b64dcd8a61e8fdd7ce769792ce19a2889c7b56d4ff08bdac3955e0a0f691c4465d144a83e0fb47358ad9891f55f9948e3f

Score

10^/10

redline xmrig @noilase infostealer miner spyware

Static task

static1

Behavioral task

behavioral1

Sample

install.exe

Resource

win7-en-20210920

redline xmrig @noilase infostealer miner spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

install.exe

Resource

win10-en-20211014

redline xmrig @noilase infostealer miner spyware

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

@noilase

C2

92.119.113.189:21746

Targets

- Target
  
  install.exe
- Size
  
  355KB
- MD5
  
  fef580216c9fc6f662f11ad6c8dbd7eb
- SHA1
  
  37a18d20313a05c987e9c2081994c6365c17624d
- SHA256
  
  cc005ad9ad8411fda8398597954ce4f4210c978367f996e05ce01bba2833986c
- SHA512
  
  1280a3daf15ee604de3a8b80399436b64dcd8a61e8fdd7ce769792ce19a2889c7b56d4ff08bdac3955e0a0f691c4465d144a83e0fb47358ad9891f55f9948e3f
Score

10^/10

redline xmrig @noilase infostealer miner spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner Payload
  miner
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

redlinexmrig@noilaseinfostealerminerspyware

behavioral2

redlinexmrig@noilaseinfostealerminerspyware

© 2018-2024

Terms | Privacy