Extracted

• • Target

    e0cd7d5435c616086f418115d28d4896f69cdf1b20b76065f3d1b9d50d531295

  • Size

    367KB

  • MD5

    d8ab561934ca36b3ee80d5c7647a8b13

  • SHA1

    5a79fafcb1450f9acaf77462af5d205daa5e6917

  • SHA256

    e0cd7d5435c616086f418115d28d4896f69cdf1b20b76065f3d1b9d50d531295

  • SHA512

    9716f546c4f5b629da4adecba132a0dc32f28c50ff3506ad6df25a607aaa06498bcb38d4ff263f2fcece582aed17237f76e9b2c07c10a9d245126a779089bf17

  • SSDEEP

    6144:ymJqFODkY2/83sUc3j4CbgIjZoMqw8Wue1dQhnSdx:ymcODTQUc3j4CboMUWuedrx

  Score

  10^/10

  redlinelogsdiller cloud (tg: @logsdillabot)infostealerspywarexmrigevasionminerthemidatrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • XMRig Miner payload

    miner

  • Downloads MZ/PE file

  • Drops file in Drivers directory

  • Stops running service(s)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Executes dropped EXE

  • Themida packer

    Detects Themida, an advanced Windows software protection system.

    themida

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks whether UAC is enabled

    evasiontrojan

  • Drops file in System32 directory

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2