Bitcoin Mining Software 1.5v.exe

General

Target: Bitcoin Mining Software 1.5v.exe
Size: 4MB
Sample: 211021-yjqwdsbfbk
Score: 10/10
MD5: c9b0c2b2a7988eb97f7069bb423a7ffa
SHA1: 85d72dd1cdf60d9dd4c2696d950e63d163102c37
SHA256: 773b40c8007545afd1b563bdf17dab8225acd4bd6def35e4db95f70fca16371c
SHA512: 88dfcec430d3cbb3eaf63611373f38a17a0a752d2d42566310d7f5275acbb8d82cfa3e8e58def6b0ed4e10e062f8e77fd2b7536c0931a1a8ddaba89a236c4e92

Malware Config

Extracted
Family: redline
Botnet: @EstetikaSell
C2: 185.209.22.181:29234

Signatures

  • RedLine
    Description: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  • RedLine Payload
  • Suspicious use of NtCreateProcessExOtherParentProcess
  • Accesses cryptocurrency files/wallets, possible credential harvesting
    TTPs: Data from Local System; Credentials in Files
  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tactic columns only (Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation); no technique cells survive in this extract.