General

Target: 0f2e421f949a6d8ed026aced52e190720ff2da977356b0af6990a97e0c6768f0
Size: 1020KB
Sample: 230523-vavw7sgc29
MD5: cd362530633fc9e858f21aa91bd5b7fe
SHA1: f03ef796bf3d11be1208f5cececc6cce4571e5fb
SHA256: 0f2e421f949a6d8ed026aced52e190720ff2da977356b0af6990a97e0c6768f0
SHA512: 7fca272a1d7a7718eb0a7062606b76054559725fe1e10ff9878929df1b1f3223237ae294c4fb1a6520897ba5f8ee526ce47fd1551eb215e850ec77d4b0b5c584
SSDEEP: 24576:lyHSGQBK1vWTQZLchtpOpXmFezgPHEanSHov:AHXWxQxchEWFezcHE+Q
Task: static1 (static analysis)

Malware Config (extracted)

Family: redline
Botnet: lupa
C2: 83.97.73.122:19062
auth_value: 6a764aa41830c77712442516d143bc9c
Targets

Target: 0f2e421f949a6d8ed026aced52e190720ff2da977356b0af6990a97e0c6768f0 (1020KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine payload
- LoaderBot executable
- XMRig Miner payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application (persistence through a Software\Microsoft\Windows\CurrentVersion\Run value, so the payload is relaunched at logon)
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext (rewriting another thread's context is the classic final step of process hollowing, redirecting execution of a suspended process into injected code)
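The extracted configuration and the persistence signature above are directly usable as detection content. The following is an added example, not part of the sandbox report and not RedLine code: it runs the report's IOCs (sample hashes, the 83.97.73.122:19062 C2, the Run-key persistence) over Sysmon-style JSON event lines. The event lines are constructed here for illustration and the field names follow Sysmon's Event ID 1 (process create), 3 (network connect) and 13 (registry value set) exports; the function names are my own.

```python
"""Match the RedLine IOCs from the report above against Sysmon-style JSON event lines."""
import json
from typing import Iterable

# IOCs taken from the report above.
SAMPLE_SHA256 = "0f2e421f949a6d8ed026aced52e190720ff2da977356b0af6990a97e0c6768f0"
SAMPLE_MD5 = "cd362530633fc9e858f21aa91bd5b7fe"
C2_IP, C2_PORT = "83.97.73.122", 19062
# Persistence location flagged by the "Adds Run key" signature (HKCU or HKLM hive).
RUN_KEY_FRAGMENT = "\\Microsoft\\Windows\\CurrentVersion\\Run\\"

# Constructed sample events, one JSON object per line (Sysmon-like field names; not real telemetry).
SAMPLE_LINES = "\n".join([
    r'{"EventID": 1, "Image": "C:\\Users\\user\\Downloads\\setup.exe", '
    r'"Hashes": "MD5=CD362530633FC9E858F21AA91BD5B7FE,SHA256=0F2E421F949A6D8ED026ACED52E190720FF2DA977356B0AF6990A97E0C6768F0"}',
    r'{"EventID": 3, "Image": "C:\\Users\\user\\AppData\\Local\\Temp\\svchost.exe", '
    r'"DestinationIp": "83.97.73.122", "DestinationPort": "19062"}',
    r'{"EventID": 3, "Image": "C:\\Windows\\System32\\svchost.exe", '
    r'"DestinationIp": "8.8.8.8", "DestinationPort": "53"}',
    r'{"EventID": 13, "Image": "C:\\Users\\user\\Downloads\\setup.exe", '
    r'"TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater", '
    r'"Details": "C:\\Users\\user\\AppData\\Roaming\\updater.exe"}',
    r'{"EventID": 13, "Image": "C:\\Windows\\explorer.exe", '
    r'"TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden", '
    r'"Details": "DWORD (0x00000001)"}',
])


def parse_hashes(field: str) -> dict:
    """Split Sysmon's 'ALG=hex,ALG=hex' Hashes field into {ALG: lowercase hex}."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            alg, value = part.split("=", 1)
            out[alg.strip().upper()] = value.strip().lower()
    return out


def classify(event: dict) -> list:
    """Return the IOC names an event matches (empty list if none)."""
    hits = []
    eid = event.get("EventID")
    if eid == 1:
        hashes = parse_hashes(event.get("Hashes", ""))
        if hashes.get("SHA256") == SAMPLE_SHA256 or hashes.get("MD5") == SAMPLE_MD5:
            hits.append("known_redline_sample")
    elif eid == 3:
        try:
            port = int(event.get("DestinationPort", 0))
        except ValueError:
            port = 0
        if event.get("DestinationIp") == C2_IP and port == C2_PORT:
            hits.append("redline_c2_connection")
    elif eid == 13:
        # Case-insensitive: registry paths are case-insensitive and exports vary in casing.
        if RUN_KEY_FRAGMENT.lower() in event.get("TargetObject", "").lower():
            hits.append("run_key_persistence")
    return hits


def scan(lines: Iterable[str]) -> list:
    """Scan JSON lines; return [(line_number, [ioc, ...])] for lines that hit, skipping blanks."""
    results = []
    for number, line in enumerate(lines, 1):
        line = line.strip()
        if not line:
            continue
        hits = classify(json.loads(line))
        if hits:
            results.append((number, hits))
    return results


if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LINES.splitlines()):
        print(f"line {number}: {', '.join(hits)}")
```

Two caveats for anyone turning this into production content. The Run-key rule is deliberately broad (any write under Run) because the value name RedLine droppers use varies; tune it by Image path rather than by value name. The "Checks installed software" signature cannot be detected this way at all: Sysmon records registry creates and sets, not reads, so enumeration of the Uninstall keys only shows up if Object Access auditing (Event ID 4663) is enabled on those keys.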