Extracted

Extracted

• • Target

    b6ec4fd72986c66bc55587d261594d2511ab45cc7d25b27fe808839d65cdd57f

  • Size

    180KB

  • MD5

    32f56792f2fe85c1913abaa32d95b673

  • SHA1

    112885f42b9f4bd1ba4f9ebe3ec43b63e902aeb6

  • SHA256

    b6ec4fd72986c66bc55587d261594d2511ab45cc7d25b27fe808839d65cdd57f

  • SHA512

    f41a6c72eae408a7f3004d948eaf170a2f2dff7f2f945b157c0772e1ec89e4178a12cacb9240171f081802714892840ea1d4888c52c04ab06c5ac6a69e32eabb

  Score

  10^/10

  redlinetofseexmrigmario10_05_50kcollectionevasioninfostealerminerpersistencesuricatatrojanvmprotect

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine Payload

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)

    suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)

    suricata

  • suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

    suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

    suricata

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig

  • XMRig Miner Payload

    miner

  • Creates new service(s)

    persistence

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • VMProtect packed file

    Detects executables packed with VMProtect commercial packer.

    vmprotect

  • Deletes itself

  • Accesses Microsoft Outlook profiles

    collection

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1