General
-
Target
GTA5TerrorMM.exe
-
Size
4.3MB
-
Sample
211024-x8c56afad7
-
MD5
2283f11e692747d6de67bedc4f5811e0
-
SHA1
502acf6405c03eb6533c3337b5c7c2c34c910cf6
-
SHA256
58f64e4083fa288b091dc0d29a050da9cd09e4ee6607aff2e5fa5ffbe2c7a887
-
SHA512
f39270d219076b09e51cd256649eca721d9315cd287b3fb9122593280b647832faf2dc7c43e162fb2360d352526dc631c5e0c21692b6a6296700c6863407a2ee
Malware Config
Targets
-
-
Target
GTA5TerrorMM.exe
-
Size
4.3MB
-
MD5
2283f11e692747d6de67bedc4f5811e0
-
SHA1
502acf6405c03eb6533c3337b5c7c2c34c910cf6
-
SHA256
58f64e4083fa288b091dc0d29a050da9cd09e4ee6607aff2e5fa5ffbe2c7a887
-
SHA512
f39270d219076b09e51cd256649eca721d9315cd287b3fb9122593280b647832faf2dc7c43e162fb2360d352526dc631c5e0c21692b6a6296700c6863407a2ee
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
XMRig Miner Payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-