Detects Smokeloader packer

RedLine

RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

SmokeLoader

Modular backdoor trojan in use since 2014.

Tofsee

Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

xmrig

XMRig is a high performance, open source, cross platform CPU/GPU miner.

XMRig Miner payload

Creates new service(s)

Downloads MZ/PE file

Executes dropped EXE

Modifies Windows Firewall

Sets service image path in registry