General

  • Target

    PrivateHack.exe

  • Size

    1.1MB

  • Sample

    220728-x1qraaade7

  • MD5

    d6a2df8caa573872bbe9c8e8c59d6028

  • SHA1

    0b8eda3c0f420a608347f7b76df017e75c2a6e42

  • SHA256

    b4804fd9d41771474066b3f4c0fd95b5e7a18ad5194b19f26197bfefda65c8ca

  • SHA512

    7d728cf075ed54f17a16d393ce38a885e7386799b3cc9edc250f6a961ee64bc040e2886ec22bf3ea0e99fa6f88ddf0fbb021ed96fc20c4b90b1b667f7f3e71f4

Malware Config

Extracted

Family

redline

C2

62.204.41.141:24758

Attributes

  • auth_value

    2809e5944cfb3e2f786ac4a1217ad4a9

Targets

    • Target

      PrivateHack.exe

    • Size

      1.1MB

    • MD5

      d6a2df8caa573872bbe9c8e8c59d6028

    • SHA1

      0b8eda3c0f420a608347f7b76df017e75c2a6e42

    • SHA256

      b4804fd9d41771474066b3f4c0fd95b5e7a18ad5194b19f26197bfefda65c8ca

    • SHA512

      7d728cf075ed54f17a16d393ce38a885e7386799b3cc9edc250f6a961ee64bc040e2886ec22bf3ea0e99fa6f88ddf0fbb021ed96fc20c4b90b1b667f7f3e71f4

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • YTStealer

      YTStealer is malware designed to steal YouTube authentication cookies.

    • YTStealer payload

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Downloads MZ/PE file

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks