Extracted

Extracted

• • Target

    Stealers.zip

  • Size

    5.2MB

  • MD5

    575a66667353e5b4fa3479426104ac1a

  • SHA1

    0552c9945b34faf2981cf1c260fc2d8178cd5d03

  • SHA256

    5d71a261e1c5140f0a4a34708cd513d7bfc9a7ca03854b8aa8b7533c1b761f98

  • SHA512

    32716ee79179a12f8a883781342f043802caf60907e4d7929f58230d1e7d3a985a16a5f4a2964955772dd4f943540c514027a149c04720191850908e3f40159d

  • SSDEEP

    98304:ZPQyyQIwG7arQegMA6OmuileVW073F7WyyQIwG7arQegMA6Omux:ZYrQIjurp6c8VW073IrQIjurp6f

  Score

  10^/10

  redlinexmrig@johnherbertnotdiscoveryevasionexecutioninfostealerminerpersistencephishingupx

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Redline family

    redline

  • Xmrig family

    xmrig

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig

  • XMRig Miner payload

    miner

  • Creates new service(s)

    persistenceexecution

  • Stops running service(s)

    evasionexecution

  • A potential corporate email address has been identified in the URL: [email protected]

    phishing

  • Executes dropped EXE

  • Loads dropped DLL

  • Legitimate hosting services abused for malware hosting/C2

  • Power Settings

    powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

    persistence

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1