General

  • Target

    ReboundMenu_V4.15.3.exe

  • Size

    1.7MB

  • Sample

    220415-hzekasdha3

  • MD5

    11bee17705209c6aa6789c93d3789eaa

  • SHA1

    93098eab6c80fbd80d538385d1fafc5dd20500b2

  • SHA256

    484525c831d15dfb80c4355a6995f331a15e3a3bdeea43746e5d4000a16b27e6

  • SHA512

    b0bedfb38d641d0667dd14161f36bd3a16b80dbd54be9840cad88d04d97385334cd112176456f923b5e443d13b43227f5229a7ade644c1048ec704eb71de2fd2

Malware Config

Extracted

Family

redline

C2

185.186.142.127:6737

Attributes

  • auth_value

    69a1f5b6b455ba880252fbfe1168b351

Targets

    • Meta Stealer

      Meta Stealer, written in C++, steals passwords stored in browsers.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner Payload

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks