Extracted

• • Target

    Injector.exe

  • Size

    2.6MB

  • MD5

    1e927277321ea1ad6ea6adb21b93ecd8

  • SHA1

    e9f631c34c72ba0ea2cba5e8a43a5e25971a7960

  • SHA256

    734ea8ecd523dc64cca5a8c4c0541bef85d30caff7c5f90c68071716ed1f9957

  • SHA512

    5f80620b7ead02fca31f65b3322a9bdbee5f17c53c5c4e957cef0c57246f1af25421a7dc8f81e1099f9a67b6d8c0da9eb09a78d5e3b7edad82be3b363aefc94f

  • SSDEEP

    24576:eOuJEYEHyIvTv3YlYhIEY3uuMfqdKrRNFPVHKyako+LhVag+eyjtLjHuvLl3RuQi:LuJxESIvTscrDakXadeyjtGvLl3C

  Score

  10^/10

  redlinexmriginfostealerminerpersistencespyware

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig

  • XMRig Miner payload

    miner

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1