Extracted

• • Target

    303bcd9f1cb1c32438545312e1e204a453e2047fa4db1e13c90da39d86fe7a94

  • Size

    344KB

  • MD5

    8355f4fcb65efd4b4beed19a8282ce80

  • SHA1

    a100aee7b677a151302b13a449524f65a19156b2

  • SHA256

    303bcd9f1cb1c32438545312e1e204a453e2047fa4db1e13c90da39d86fe7a94

  • SHA512

    c5792f4aa7349467191bb37053b9eea3ab047432d6aeba3fb6970f46fede8db7fcffd130bc67f5e9c50d8dfd948df2a7a950f2d56296ac277c33de430633f5ad

  • SSDEEP

    6144:gq6LFGh9VpSaYmn9EqgJ/ky4yuooh1S6E2B11vkbtIlzaa8+dpf3:gnwnu4EqPyuooz14WlzaaD

  Score

  10^/10

  xmrigevasionminerthemidatrojanupxredline875784825infostealerspyware

  • Modifies security service

    evasion

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • XMRig Miner payload

    miner

  • Downloads MZ/PE file

  • Drops file in Drivers directory

  • Executes dropped EXE

  • Stops running service(s)

    evasion

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Loads dropped DLL

  • Themida packer

    Detects Themida, an advanced Windows software protection system.

    themida

  • Uses the VBS compiler for execution

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks whether UAC is enabled

    evasiontrojan

  • Drops file in System32 directory

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2