redline | 1ae9ae4748f288f207e0b4bb55399fc9bd0cd6fbff5c03d910cb0393f904773a | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

1ae9ae4748f288f207e0b4bb55399fc9bd0cd6fbff5c03d910cb0393f904773a
Size

2.6MB
Sample

221005-g5hngadec6
MD5

6a8a4668a9d0211a51d7deab1c934a06
SHA1

0f3d62956f06f50927a3a607c7dedbead636be89
SHA256

1ae9ae4748f288f207e0b4bb55399fc9bd0cd6fbff5c03d910cb0393f904773a
SHA512

882ca3b713fd17a635ea7827c99edb0855f99f916033adea3734b4273c0038c1287ded4c2aa0275c7ad6c36a283cd5fa1ae42f3da0bb2a4e52e4c4bbe59231d4
SSDEEP

24576:DSFcFJUhQltYiYSAtQQ6HMhNwdPHJOcQxzozzmXnSF6CfLpEel3RuQ55313Z:3UhQn/dc7XSF6Cf1/l33

Score

10^/10

redline xmrig infostealer miner persistence spyware

Static task

static1

Behavioral task

behavioral1

Sample

1ae9ae4748f288f207e0b4bb55399fc9bd0cd6fbff5c03d910cb0393f904773a.exe

Resource

win10v2004-20220901-en

redline xmrig infostealer miner persistence spyware

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

redline

C2

193.106.191.160:8673

Attributes

auth_value
b452e7074eb79e37fc942576d3e3c701

Targets

- Target
  
  1ae9ae4748f288f207e0b4bb55399fc9bd0cd6fbff5c03d910cb0393f904773a
- Size
  
  2.6MB
- MD5
  
  6a8a4668a9d0211a51d7deab1c934a06
- SHA1
  
  0f3d62956f06f50927a3a607c7dedbead636be89
- SHA256
  
  1ae9ae4748f288f207e0b4bb55399fc9bd0cd6fbff5c03d910cb0393f904773a
- SHA512
  
  882ca3b713fd17a635ea7827c99edb0855f99f916033adea3734b4273c0038c1287ded4c2aa0275c7ad6c36a283cd5fa1ae42f3da0bb2a4e52e4c4bbe59231d4
- SSDEEP
  
  24576:DSFcFJUhQltYiYSAtQQ6HMhNwdPHJOcQxzozzmXnSF6CfLpEel3RuQ55313Z:3UhQn/dc7XSF6Cf1/l33
Score

10^/10

redline xmrig infostealer miner persistence spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinexmriginfostealerminerpersistencespyware

© 2018-2024

Terms | Privacy