redline | 0d57b6f5fac7ad9d056c338897137e6f19b0c21e02fd41212c835550a4600c25 | Triage

Submit
Reports

Overview

overview

Static

static

CS GO VRed....5.exe

windows7_x64

CS GO VRed....5.exe

windows10_x64

Sharing

General

Target

CS GO VRedux v1.7.5.exe
Size

4.2MB
Sample

211027-shjg2afce2
MD5

d97da7a2fd5029b6889135908fea26f4
SHA1

3ae3076580e70f04a43937462fa8de641a1ef4fa
SHA256

0d57b6f5fac7ad9d056c338897137e6f19b0c21e02fd41212c835550a4600c25
SHA512

804884804f9457d8f6a4d5c1a68d0ae23dda933dad651d6e31b8544c7e1e197e9a60e74206195d7a170dc01b496060db8ae6e714ebaf6dcc4ee35c2b062a1047

Score

10^/10

redline xmrig @suetnovmt infostealer miner spyware

Static task

static1

Behavioral task

behavioral1

Sample

CS GO VRedux v1.7.5.exe

Resource

win7-en-20211014

redline xmrig @suetnovmt infostealer miner spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

CS GO VRedux v1.7.5.exe

Resource

win10-en-20211014

redline xmrig @suetnovmt infostealer miner spyware

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

@suetnovmt

C2

144.76.156.28:3333

Targets

- Target
  
  CS GO VRedux v1.7.5.exe
- Size
  
  4.2MB
- MD5
  
  d97da7a2fd5029b6889135908fea26f4
- SHA1
  
  3ae3076580e70f04a43937462fa8de641a1ef4fa
- SHA256
  
  0d57b6f5fac7ad9d056c338897137e6f19b0c21e02fd41212c835550a4600c25
- SHA512
  
  804884804f9457d8f6a4d5c1a68d0ae23dda933dad651d6e31b8544c7e1e197e9a60e74206195d7a170dc01b496060db8ae6e714ebaf6dcc4ee35c2b062a1047
Score

10^/10

redline xmrig @suetnovmt infostealer miner spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Suspicious use of NtCreateProcessExOtherParentProcess
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinexmrig@suetnovmtinfostealerminerspyware

behavioral2

redlinexmrig@suetnovmtinfostealerminerspyware

© 2018-2024

Terms | Privacy