Overview

overview

10

Static

static

76bdef9de3...9e.exe

windows7-x64

10

76bdef9de3...9e.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    76bdef9de3117ff2a00febc3b411bd576365644fb339e.exe

  • Size

    976KB

  • Sample

    230112-pffrksbf6y

  • MD5

    d1e9f82dd227a45c97dcda1eeaffb3df

  • SHA1

    4f432ddcdcc07b39cd731f0f5f6be8b85cad4f36

  • SHA256

    76bdef9de3117ff2a00febc3b411bd576365644fb339e9af93766e11feaa535d

  • SHA512

    33b9b7d563f083cae2c14869059090a80b97d9e5c385b55a969ed1684015c493eaf1ca47d8c284e69bed74a5880f22a461fcfb051ad2fe17b40f0c87ac2e2223

  • SSDEEP

    192:bfrIZqdCrLof/IMmfXXLoQWhLoaLew9O3:bDIZqdCrLq/IbfXXLRELSiO

Score
10/10
purecrypterredlinexmrig5633308507evasioninfostealerloaderminerpersistencespywaretrojanupx

Malware Config

Extracted

Family

redline

Botnet

5633308507

C2

65.21.237.20:43077

Attributes
  • auth_value

    a53ea2c0cc054e8615f91cd47c18a2de

Targets

    • Target

      76bdef9de3117ff2a00febc3b411bd576365644fb339e.exe

    • Size

      976KB

    • MD5

      d1e9f82dd227a45c97dcda1eeaffb3df

    • SHA1

      4f432ddcdcc07b39cd731f0f5f6be8b85cad4f36

    • SHA256

      76bdef9de3117ff2a00febc3b411bd576365644fb339e9af93766e11feaa535d

    • SHA512

      33b9b7d563f083cae2c14869059090a80b97d9e5c385b55a969ed1684015c493eaf1ca47d8c284e69bed74a5880f22a461fcfb051ad2fe17b40f0c87ac2e2223

    • SSDEEP

      192:bfrIZqdCrLof/IMmfXXLoQWhLoaLew9O3:bDIZqdCrLq/IbfXXLRELSiO

    Score
    10/10
    purecrypterredlinexmrig5633308507evasioninfostealerloaderminerpersistencespywaretrojanupx

    • Detect PureCrypter loader

      loader

    • Modifies security service

      evasion

    • PureCrypter

      PureCrypter is a loader which is intended for downloading and executing additional payloads.

      trojanloaderpurecrypter

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner payload

      miner

    • Executes dropped EXE

    • Stops running service(s)

      evasion

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks