Extracted

• • Target

    GenshinHack v.7.2.exe

  • Size

    341KB

  • MD5

    f4a22162b085ceb3d5f39ce58d3e6716

  • SHA1

    595ce4202824c5277696bad62632e02f899636b5

  • SHA256

    bb0427a0937b030d982b4f9085cf3b07d246a77a2106cad6116500b13393e109

  • SHA512

    c05ab6910db436c0d729eec517ff83e3447b815e5d0a39681343afc7bcb7cc63ec9741be24231cc9d276ba922f0f2c54021f86a703790fa521706d08e268105a

  Score

  10^/10

  redline5427245849infostealerxmrigdiscoveryevasionexploitminerspywarestealer

  • Modifies security service

    evasion

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig

  • XMRig Miner payload

    miner

  • Downloads MZ/PE file

  • Drops file in Drivers directory

  • Executes dropped EXE

  • Possible privilege escalation attempt

    exploit

  • Stops running service(s)

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Modifies file permissions

    discovery

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2