redline | dcc378bb0a279a1bdb4ba39d6cc54aadab09a162aa2dfbc58b1d7da63db56614 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

dcc378bb0a279a1bdb4ba39d6cc54aadab09a162aa2dfbc58b1d7da63db56614
Size

465KB
Sample

211119-r56qeaafdj
MD5

53e31cda31669abf73419e9840c7ba25
SHA1

cdb6af34c648a5c229a8f82e5f1960ef98446818
SHA256

dcc378bb0a279a1bdb4ba39d6cc54aadab09a162aa2dfbc58b1d7da63db56614
SHA512

d6972f2c3d2e9104c35337ad173f74ce1aaaac95ecabade0d9031a8bf5b6a8d27a7978b355cc5d931da08cc99b3f1e42f1abd7a0232c1c4bbd4f9371a2e51a47

Score

10^/10

redline xmrig xxluchxx1 discovery infostealer miner spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

dcc378bb0a279a1bdb4ba39d6cc54aadab09a162aa2dfbc58b1d7da63db56614.exe

Resource

win10-en-20211104

redline xmrig xxluchxx1 discovery infostealer miner spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

C2

jaromawanave.xyz:80

Extracted

Family

redline

Botnet

xxluchxx1

C2

212.86.102.63:62907

Targets

- Target
  
  dcc378bb0a279a1bdb4ba39d6cc54aadab09a162aa2dfbc58b1d7da63db56614
- Size
  
  465KB
- MD5
  
  53e31cda31669abf73419e9840c7ba25
- SHA1
  
  cdb6af34c648a5c229a8f82e5f1960ef98446818
- SHA256
  
  dcc378bb0a279a1bdb4ba39d6cc54aadab09a162aa2dfbc58b1d7da63db56614
- SHA512
  
  d6972f2c3d2e9104c35337ad173f74ce1aaaac95ecabade0d9031a8bf5b6a8d27a7978b355cc5d931da08cc99b3f1e42f1abd7a0232c1c4bbd4f9371a2e51a47
Score

10^/10

redline xmrig xxluchxx1 discovery infostealer miner spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner Payload
  miner
- Downloads MZ/PE file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinexmrigxxluchxx1discoveryinfostealerminerspywarestealer

© 2018-2024

Terms | Privacy