General

  • Target

    XWormBeta_Dos.exe

  • Size

    23.1MB

  • Sample

    241214-mp7kjs1lbr

  • MD5

    d389f84f0da8a7a89e0b0acbf24757bb

  • SHA1

    176d944f9e510988786ec1952a81c950b2ebebbc

  • SHA256

    ef3f2437199b8f0ab6729ea14728e9be3741da5fe951871aee082bec21a56d7b

  • SHA512

    6a600340dbe194b2739e7e55233bca0cdfe51d5eb2d1d5886a79d7320b7b53ce5bb6a282f182e4073e87ce14741d947592f40e75ae04b2e11b1c73181b24e52b

  • SSDEEP

    393216:umJClI5MjYCuwuVfH9RpaRZL1e6RxZzczo0ZaF5E2pya4xJPAuRqOvR:qI5MQNf9aRZL06RxZzcz6F5rya4xJPdD

Malware Config

Extracted

Family

redline

Botnet

DARKWEB

C2

89.22.234.180:40608

Attributes
  • auth_value

    cf407bc0c9a8384bb62aa110b7844cfe
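The hashes and the extracted C2 endpoint above are the indicators a responder actually uses: the file hashes to confirm that a local copy is the same sample this report describes, and the C2 address to search connection logs. The following Python is an added example (not part of the sandbox report) that does both; the connection-log lines it scans are constructed for illustration, and their "timestamp src dst:port proto" layout is an assumption, not a real sensor format.

```python
"""Check a file and a connection log against the IOCs extracted for
XWormBeta_Dos.exe (RedLine, botnet DARKWEB).

Added example, not part of the sandbox report. The log lines at the bottom
are constructed; real logs need their own parser."""
import hashlib
from typing import Dict, List, Tuple

# Indicators copied from the report above.
EXPECTED_HASHES = {
    "md5": "d389f84f0da8a7a89e0b0acbf24757bb",
    "sha1": "176d944f9e510988786ec1952a81c950b2ebebbc",
    "sha256": "ef3f2437199b8f0ab6729ea14728e9be3741da5fe951871aee082bec21a56d7b",
    "sha512": "6a600340dbe194b2739e7e55233bca0cdfe51d5eb2d1d5886a79d7320b7b53ce5bb6a282f182e4073e87ce14741d947592f40e75ae04b2e11b1c73181b24e52b",
}
C2_HOST, C2_PORT = "89.22.234.180", 40608


def compute_hashes(data: bytes) -> Dict[str, str]:
    """Return hex digests of an in-memory buffer for every algorithm in the report."""
    digests = {name: hashlib.new(name) for name in EXPECTED_HASHES}
    for d in digests.values():
        d.update(data)
    return {name: d.hexdigest() for name, d in digests.items()}


def hash_file(path: str, chunk: int = 1 << 20) -> Dict[str, str]:
    """Same as compute_hashes but streamed, so a 23 MB sample is not read at once."""
    digests = {name: hashlib.new(name) for name in EXPECTED_HASHES}
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            for d in digests.values():
                d.update(block)
    return {name: d.hexdigest() for name, d in digests.items()}


def matches_report(hashes: Dict[str, str]) -> Dict[str, bool]:
    """Per-algorithm comparison. All True: same sample. Mixed results mean the
    report or the file has been edited and should not be trusted as-is."""
    return {name: hashes.get(name, "").lower() == expected
            for name, expected in EXPECTED_HASHES.items()}


# Constructed connection-log lines (documentation-range addresses for the
# non-C2 traffic). Format assumed: "timestamp src dst:port proto".
SAMPLE_LOG = """\
2024-12-14T10:01:02Z 10.0.0.5 203.0.113.10:443 tcp
2024-12-14T10:01:09Z 10.0.0.5 89.22.234.180:40608 tcp
2024-12-14T10:01:10Z 10.0.0.7 89.22.234.180:443 tcp
2024-12-14T10:02:31Z 10.0.0.5 89.22.234.180:40608 tcp
"""


def find_c2_contacts(log_text: str) -> Tuple[List[Tuple[str, str]], List[Tuple[str, str, str]]]:
    """Return (exact, host_only): exact hits are flows to the C2 host on the
    extracted port; host_only hits are flows to the same host on another port,
    kept separate because the port is the part of a config most likely to
    differ between builds."""
    exact, host_only = [], []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        ts, src, dst = parts[0], parts[1], parts[2]
        host, _, port = dst.rpartition(":")
        if host != C2_HOST:
            continue
        if port.isdigit() and int(port) == C2_PORT:
            exact.append((ts, src))
        else:
            host_only.append((ts, src, port))
    return exact, host_only


if __name__ == "__main__":
    exact, host_only = find_c2_contacts(SAMPLE_LOG)
    for ts, src in exact:
        print(f"C2 contact {src} -> {C2_HOST}:{C2_PORT} at {ts}")
    for ts, src, port in host_only:
        print(f"same host, other port {port}: {src} at {ts}")
```

Run `hash_file("XWormBeta_Dos.exe")` through `matches_report` before doing anything else with a downloaded copy; a sample with a matching SHA256 but a different MD5 is not "close enough", it is a sign that one of the two records was altered.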

Targets

    • Target

      XWormBeta_Dos.exe


    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Xmrig family

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • XMRig Miner payload

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

      Rewriting the register context of a thread in another process is the characteristic step of process hollowing (RunPE): the injector starts a legitimate process suspended, writes a payload into it, points the main thread at the payload with SetThreadContext and resumes it.
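The last two behaviours above ("Executes dropped EXE" and "Suspicious use of SetThreadContext") are what a sandbox sees when an injector hollows a process: a child created with CREATE_SUSPENDED, writes into its memory, a SetThreadContext call on that child's main thread, then ResumeThread. The Python below is an added example (not the sandbox's own detection logic) that applies that sequence check to an API trace. The trace format and the trace itself are constructed; it also assumes, for brevity, that handle arguments carry the target pid or tid directly, whereas a real trace maps handles to objects first.

```python
"""Heuristic for the process-hollowing sequence behind the report's
'Suspicious use of SetThreadContext' signature.

Added example, not code from the sandbox. Trace lines are constructed and
use the form "pid Api(arg=value, ...)"; handles are assumed to equal the
pid/tid they refer to, which is a simplification."""
import re
from typing import Dict, List, Optional, Tuple

CREATE_SUSPENDED = 0x00000004          # dwCreationFlags bit in CreateProcess*
LINE_RE = re.compile(r"^(\d+)\s+(\w+)\((.*)\)$")

# Constructed trace. Process 1200 hollows a suspended notepad.exe; process
# 1500 writes a few bytes into a normally started child, which is benign.
SAMPLE_TRACE = r"""
1200 CreateProcessW(lpApplicationName=C:\Windows\System32\notepad.exe, dwCreationFlags=0x4, dwProcessId=1350, dwThreadId=1351)
1200 NtUnmapViewOfSection(ProcessHandle=1350)
1200 VirtualAllocEx(hProcess=1350, lpAddress=0x400000, dwSize=0x7e000, flProtect=0x40)
1200 WriteProcessMemory(hProcess=1350, lpBaseAddress=0x400000, nSize=0x400)
1200 WriteProcessMemory(hProcess=1350, lpBaseAddress=0x401000, nSize=0x6a000)
1200 SetThreadContext(hThread=1351)
1200 ResumeThread(hThread=1351)
1500 CreateProcessW(lpApplicationName=C:\Program Files\App\helper.exe, dwCreationFlags=0x0, dwProcessId=1600, dwThreadId=1601)
1500 WriteProcessMemory(hProcess=1600, lpBaseAddress=0x10000, nSize=0x10)
"""


def parse_line(line: str) -> Optional[Tuple[int, str, Dict[str, str]]]:
    """Split one trace line into (caller pid, api name, {arg: raw value})."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    pid, api, argstr = m.groups()
    args: Dict[str, str] = {}
    for item in argstr.split(", "):
        if "=" in item:
            k, v = item.split("=", 1)
            args[k] = v
    return int(pid), api, args


def as_int(v: str) -> int:
    return int(v, 16) if v.lower().startswith("0x") else int(v)


def detect_hollowing(trace: str) -> List[Dict]:
    """Return one finding per suspended child that was written to, had its
    thread context replaced and was then resumed. 'unmapped' records whether
    the original image was also unmapped, which raises confidence but is not
    required (some injectors overwrite in place)."""
    children: Dict[int, Dict] = {}   # child pid -> state
    by_tid: Dict[int, int] = {}      # main thread id -> child pid
    for line in trace.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        pid, api, a = parsed
        if api.startswith("CreateProcess") and as_int(a.get("dwCreationFlags", "0")) & CREATE_SUSPENDED:
            child, tid = as_int(a.get("dwProcessId", "0")), as_int(a.get("dwThreadId", "0"))
            children[child] = {"parent": pid, "child": child, "tid": tid,
                               "image": a.get("lpApplicationName", "?"),
                               "unmapped": False, "bytes_written": 0,
                               "context_set": False, "resumed": False}
            by_tid[tid] = child
        elif api in ("NtUnmapViewOfSection", "ZwUnmapViewOfSection"):
            c = children.get(as_int(a.get("ProcessHandle", "0")))
            if c:
                c["unmapped"] = True
        elif api == "WriteProcessMemory":
            c = children.get(as_int(a.get("hProcess", "0")))
            if c:
                c["bytes_written"] += as_int(a.get("nSize", "0"))
        elif api == "SetThreadContext":
            c = children.get(by_tid.get(as_int(a.get("hThread", "0"))))
            if c:
                c["context_set"] = True
        elif api == "ResumeThread":
            c = children.get(by_tid.get(as_int(a.get("hThread", "0"))))
            # Only a resume after both a write and a context change completes the pattern.
            if c and c["context_set"] and c["bytes_written"] > 0:
                c["resumed"] = True
    return [c for c in children.values() if c["resumed"]]


if __name__ == "__main__":
    for hit in detect_hollowing(SAMPLE_TRACE):
        print(f"pid {hit['parent']} hollowed pid {hit['child']} ({hit['image']}): "
              f"{hit['bytes_written']} bytes written, unmapped={hit['unmapped']}")
```

The order matters: a SetThreadContext that arrives before any WriteProcessMemory, or a ResumeThread with no context change, is what debuggers and some legitimate loaders do, so the check keys on the full create-suspended, write, set-context, resume chain rather than on any single call.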

MITRE ATT&CK Enterprise v15

Tasks