General
- Target: Bitcoin Mining Software 1.5v.exe
- Size: 4.6MB
- Sample: 211021-yjqwdsbfbk
- MD5: c9b0c2b2a7988eb97f7069bb423a7ffa
- SHA1: 85d72dd1cdf60d9dd4c2696d950e63d163102c37
- SHA256: 773b40c8007545afd1b563bdf17dab8225acd4bd6def35e4db95f70fca16371c
- SHA512: 88dfcec430d3cbb3eaf63611373f38a17a0a752d2d42566310d7f5275acbb8d82cfa3e8e58def6b0ed4e10e062f8e77fd2b7536c0931a1a8ddaba89a236c4e92
Static task
- static1

Behavioral task
- behavioral1
- Sample: Bitcoin Mining Software 1.5v.exe
- Resource: win7-en-20210920

Behavioral task
- behavioral2
- Sample: Bitcoin Mining Software 1.5v.exe
- Resource: win10-en-20211014
Malware Config
Extracted
- Family: redline
- Botnet: @EstetikaSell
- C2: 185.209.22.181:29234
Targets
- Target: Bitcoin Mining Software 1.5v.exe
- Size: 4.6MB
- MD5: c9b0c2b2a7988eb97f7069bb423a7ffa
- SHA1: 85d72dd1cdf60d9dd4c2696d950e63d163102c37
- SHA256: 773b40c8007545afd1b563bdf17dab8225acd4bd6def35e4db95f70fca16371c
- SHA512: 88dfcec430d3cbb3eaf63611373f38a17a0a752d2d42566310d7f5275acbb8d82cfa3e8e58def6b0ed4e10e062f8e77fd2b7536c0931a1a8ddaba89a236c4e92
- Score: 10/10
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Suspicious use of NtCreateProcessExOtherParentProcess
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext