General

  • Target

    879A1CC064DBB64D3EC72FD1C246376E.exe

  • Size

    168KB

  • Sample

    230417-y4n8asfh85

  • MD5

    879a1cc064dbb64d3ec72fd1c246376e

  • SHA1

    29b7a5d7c3d890e4cd57c977ff0e0c6cf03010f8

  • SHA256

    b5bb65f44c5f4e5021f914a090fc8167d7ab5f93b69bb589b283d8a1b80d18c8

  • SHA512

    402d10f1ec986de7f6de6820378f92fb43853a64a808bb0a9dcea5178859b89048f262242d1502c65dd8d499a107178be6a57af9cea45ed43ad8f68b62fc4bd0

  • SSDEEP

    3072:V0ODgnL3kfWp5Z466hJOVukx+qVEA9YbbCLmwB8e8hH:uOD+FkE+ogbCLmwB

Malware Config

Extracted

Family

redline

Botnet

xyi

C2

193.233.20.13:11552

Attributes
  • auth_value

    047b878d2df34cc0bb8e92d3fa4f34d8
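The hashes and the extracted C2 above are the indicators a responder would sweep for. The following Python is an added example (not part of the sandbox report) that hashes a file the way the report lists it, matches the digests against the report, and scans a connection log for the RedLine C2 and for XMRig's Stratum login. The connection-log format and the addresses other than 193.233.20.13:11552 are constructed for the example; the `203.0.113.7` pool address is a documentation-range placeholder.

```python
"""IOC sweep against the indicators in this report (added example)."""
import hashlib
import json
import re

# Indicators copied from the report above.
REPORT_HASHES = {
    "md5": "879a1cc064dbb64d3ec72fd1c246376e",
    "sha1": "29b7a5d7c3d890e4cd57c977ff0e0c6cf03010f8",
    "sha256": "b5bb65f44c5f4e5021f914a090fc8167d7ab5f93b69bb589b283d8a1b80d18c8",
}
REDLINE_C2 = ("193.233.20.13", 11552)

# Constructed connection log: "<ts> <src> -> <dst ip>:<port> <proto> [first payload]".
# The format is an assumption; adapt LINE_RE to your sensor's export.
CONN_LOG = """\
2023-04-17T22:05:11Z 10.0.0.5:49812 -> 193.233.20.13:11552 tcp
2023-04-17T22:05:14Z 10.0.0.5:49820 -> 142.250.74.78:443 tcp
2023-04-17T22:06:02Z 10.0.0.5:49833 -> 203.0.113.7:3333 tcp {"method":"login","params":{"login":"4A...","pass":"x","agent":"XMRig/6.18.0"}}
"""
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) -> (?P<dip>[\d.]+):(?P<dport>\d+) (?P<proto>\w+)"
    r"(?: (?P<payload>.*))?$"
)


def file_hashes(data: bytes) -> dict:
    """Lowercase hex digests for the algorithms the report lists.
    SSDEEP needs the ssdeep library and is deliberately left out."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def hash_matches(hashes: dict, report: dict = REPORT_HASHES) -> list:
    """Algorithms whose digest equals the report's value. Checking every
    algorithm rather than MD5 alone guards against a collision or lookalike."""
    return [alg for alg, digest in report.items() if hashes.get(alg) == digest]


def scan_connections(log: str) -> list:
    """Return (timestamp, indicator, (ip, port)) for each suspicious line."""
    hits = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        dst = (m["dip"], int(m["dport"]))
        if dst == REDLINE_C2:
            hits.append((m["ts"], "redline_c2", dst))
        # XMRig speaks Stratum (JSON-RPC over TCP); its agent string in the
        # "login" message is the cheapest tell when the pool is not blocklisted.
        try:
            msg = json.loads(m["payload"]) if m["payload"] else {}
        except ValueError:
            msg = {}
        agent = str(msg.get("params", {}).get("agent", ""))
        if msg.get("method") == "login" and "XMRig" in agent:
            hits.append((m["ts"], "xmrig_stratum_login", dst))
    return hits


if __name__ == "__main__":
    # Replace this constructed buffer with the bytes of the file under review.
    sample_bytes = b"constructed placeholder, not the real sample"
    print("hash matches:", hash_matches(file_hashes(sample_bytes)))
    for hit in scan_connections(CONN_LOG):
        print("network hit:", hit)
```

Read the real sample with `open(path, "rb").read()` in place of the placeholder; a hit on every listed algorithm is the only result that confirms the file is this exact sample.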

Targets

    • Target

      879A1CC064DBB64D3EC72FD1C246376E.exe

    • RedLine

      RedLine Stealer is an information-stealing malware family written in C# (.NET), first seen in early 2020. It collects saved browser credentials, cookies and form data, cryptocurrency wallet files and host details, and sends them to the C2 address and auth value carried in its embedded config.

    • XMRig Miner payload

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner. It is a legitimate tool, so here the indicator is its use as a dropped second-stage payload (Stratum mining traffic and sustained CPU load), not the binary's reputation.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check: the sample decides whether to continue based on the victim's configured region before doing anything else.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers target stored browser data, which can include saved credentials, cookies, autofill form data and payment details.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Enumerates the Uninstall key entries in the registry to list installed software, which profiles the victim and reveals wallet and client applications worth harvesting.

    • Legitimate hosting services abused for malware hosting/C2
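The behaviours listed above are what a sandbox or EDR signature fires on. The following Python is an added example, not the sandbox's own rules and not part of the report: it maps constructed host events to those signature names and, where the mapping is unambiguous, to an ATT&CK technique (my mapping, not the report's). The event schema (`op`, `path`, optional `value`) and the user profile path are assumptions; the registry and file locations are the standard Windows ones each behaviour touches.

```python
"""Classify sandbox host events into the report's behaviour signatures (added example)."""
import re

# (signature name from the report, ATT&CK technique or None, API ops, path regex)
SIGNATURES = [
    ("Checks computer location settings", "T1614.001", {"RegQueryValue"},
     r"\\Control Panel\\International\\Geo\\Nation$"),
    ("Checks installed software on the system", "T1518", {"RegOpenKey", "RegEnumKey"},
     r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)"),
    ("Adds Run key to start application", "T1547.001", {"RegSetValue"},
     r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\"),
    ("Reads user/profile data of web browsers", "T1555.003", {"CreateFile", "ReadFile"},
     r"\\(Google\\Chrome|Microsoft\\Edge)\\User Data\\.*\\(Login Data|Cookies|Web Data)$"),
    ("Accesses cryptocurrency files/wallets", "T1005", {"CreateFile", "ReadFile", "FindFirstFile"},
     r"\\(Exodus|Electrum|Ethereum|Monero)(\\|$)"),
    # Executing a file it just wrote has no single clean technique; left unmapped.
    ("Executes dropped EXE", None, {"CreateProcess"},
     r"\\(Temp|AppData)\\.*\.exe$"),
]

# Constructed events in the order a stealer of this kind typically produces them.
EVENTS = [
    {"op": "RegQueryValue", "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"op": "RegEnumKey",    "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"op": "CreateFile",    "path": r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"op": "CreateFile",    "path": r"C:\Users\u\AppData\Roaming\Exodus\exodus.wallet"},
    {"op": "RegSetValue",   "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
                            "value": r"C:\Users\u\AppData\Local\Temp\svc.exe"},
    {"op": "CreateProcess", "path": r"C:\Users\u\AppData\Local\Temp\svc.exe"},
    {"op": "CreateFile",    "path": r"C:\Users\u\Documents\notes.txt"},  # benign noise
]


def classify(events: list) -> dict:
    """Map signature name -> (technique, first matching event).
    Each signature fires once, on the earliest event that satisfies it."""
    fired = {}
    for ev in events:
        for name, technique, ops, pattern in SIGNATURES:
            if ev["op"] in ops and re.search(pattern, ev["path"], re.IGNORECASE):
                fired.setdefault(name, (technique, ev))
    return fired


def persisted_dropped_exes(events: list) -> list:
    """Run-key values that point at a binary the sample also executed:
    the persistence entry and the dropped payload are the same file."""
    executed = {ev["path"].lower() for ev in events if ev["op"] == "CreateProcess"}
    run_values = [ev.get("value", "") for ev in events
                  if ev["op"] == "RegSetValue"
                  and re.search(r"\\CurrentVersion\\Run(Once)?\\", ev["path"], re.IGNORECASE)]
    return [v for v in run_values if v.lower() in executed]


if __name__ == "__main__":
    for name, (technique, ev) in classify(EVENTS).items():
        print(f"{name} [{technique or 'unmapped'}]: {ev['op']} {ev['path']}")
    print("persisted dropped payloads:", persisted_dropped_exes(EVENTS))
```

Feed it Procmon or sandbox API-trace rows converted to the same three fields; the correlation in `persisted_dropped_exes` is the one that separates a stealer with a miner stage from a noisy installer, because an installer rarely points a Run key at a file it just wrote under Temp.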
