General
-
Target
XWormBeta_Dos.exe
-
Size
23.1MB
-
Sample
241214-mp7kjs1lbr
-
MD5
d389f84f0da8a7a89e0b0acbf24757bb
-
SHA1
176d944f9e510988786ec1952a81c950b2ebebbc
-
SHA256
ef3f2437199b8f0ab6729ea14728e9be3741da5fe951871aee082bec21a56d7b
-
SHA512
6a600340dbe194b2739e7e55233bca0cdfe51d5eb2d1d5886a79d7320b7b53ce5bb6a282f182e4073e87ce14741d947592f40e75ae04b2e11b1c73181b24e52b
-
SSDEEP
393216:umJClI5MjYCuwuVfH9RpaRZL1e6RxZzczo0ZaF5E2pya4xJPAuRqOvR:qI5MQNf9aRZL06RxZzcz6F5rya4xJPdD
Static task
static1
Behavioral task
behavioral1
Sample
XWormBeta_Dos.exe
Resource
win7-20241010-en
Malware Config
Extracted
Family
redline
-
Botnet
DARKWEB
-
C2
89.22.234.180:40608
-
auth_value
cf407bc0c9a8384bb62aa110b7844cfe
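The hashes and the RedLine C2 endpoint above are the indicators a responder would pivot on. The script below is an added example (not part of the sandbox report) that confirms a local file is the same sample as the one analysed here by checking all four digests, and scans firewall-style log lines for connections to the extracted C2. The log line format and the SAMPLE_LOG entries are constructed for the example.

```python
"""Verify a file against the report's hashes and hunt the C2 in log lines.
Added example, not part of the sandbox report."""
import hashlib
import re
from typing import Dict, Iterable, List

# Indicators copied from the report above.
REPORT_HASHES = {
    "md5": "d389f84f0da8a7a89e0b0acbf24757bb",
    "sha1": "176d944f9e510988786ec1952a81c950b2ebebbc",
    "sha256": "ef3f2437199b8f0ab6729ea14728e9be3741da5fe951871aee082bec21a56d7b",
    "sha512": "6a600340dbe194b2739e7e55233bca0cdfe51d5eb2d1d5886a79d7320b7b53ce5bb6a282f182e4073e87ce14741d947592f40e75ae04b2e11b1c73181b24e52b",
}
C2_HOST, C2_PORT = "89.22.234.180", 40608


def _digest(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Feed every chunk to all four hashers in one pass (a 23 MB sample is read once)."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compute_hashes(data: bytes) -> Dict[str, str]:
    """Digest an in-memory byte string with the algorithms the report lists."""
    return _digest([data])


def hash_file(path: str) -> Dict[str, str]:
    """Stream a file from disk in 1 MiB chunks instead of loading it whole."""
    with open(path, "rb") as fh:
        return _digest(iter(lambda: fh.read(1 << 20), b""))


def matches_report(hashes: Dict[str, str]) -> bool:
    """True only if every algorithm agrees; one mismatch means a different file."""
    return all(hashes.get(k, "").lower() == v for k, v in REPORT_HASHES.items())


# Constructed firewall log format: "<timestamp> <host> <src>:<port> -> <dst>:<port> <action>"
LOG_RE = re.compile(
    r"^\S+ \S+ (?P<src>\d+\.\d+\.\d+\.\d+):\d+ -> (?P<dst>\d+\.\d+\.\d+\.\d+):(?P<port>\d+)"
)


def find_c2_hits(lines: List[str], exact_port: bool = True) -> List[str]:
    """Return log lines whose destination is the C2 host (and port, unless exact_port=False).

    RedLine panels are keyed by host:port, but a defender usually wants to see
    any traffic to the host, so the port match is optional.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m.group("dst") != C2_HOST:
            continue
        if exact_port and int(m.group("port")) != C2_PORT:
            continue
        hits.append(line)
    return hits


# Constructed sample log lines for the example; not taken from any real capture.
SAMPLE_LOG = [
    "2024-12-14T12:01:03Z fw 10.0.0.15:49211 -> 89.22.234.180:40608 ALLOW",
    "2024-12-14T12:01:04Z fw 10.0.0.15:49212 -> 89.22.234.180:443 ALLOW",
    "2024-12-14T12:01:05Z fw 10.0.0.22:49213 -> 142.250.74.46:443 ALLOW",
]

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        digests = hash_file(sys.argv[1])
        print("sample matches report:", matches_report(digests))
    for hit in find_c2_hits(SAMPLE_LOG, exact_port=False):
        print("C2 traffic:", hit)
```

Run it with the path to a suspected copy of XWormBeta_Dos.exe as the first argument; a file that matches on SHA256 but not on MD5 should be treated as a different file, which is why the check requires all four digests to agree.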
Targets
-
Target
XWormBeta_Dos.exe
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Xmrig family
-
XMRig Miner payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
AutoIT Executable
AutoIt scripts compiled into PE executables.
-
Suspicious use of SetThreadContext
-
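Three of the behaviours listed above (the registry location check, the self-deletion, and SetThreadContext used in a process-hollowing sequence) are recognisable from an API trace alone. The detector below is an added example and is not Triage's own signature code: it replays a constructed trace in a made-up "<pid> <api> key=value" format through equivalent rules. The GeoID key under HKCU\Control Panel\International\Geo is the location Windows uses for the configured country, and CREATE_SUSPENDED (0x4) is the CreateProcess flag a hollower passes; everything else in the trace (pids, paths, handles) is invented.

```python
"""Replay a constructed sandbox API trace through behaviour signatures equivalent
to three listed in this report. Added example, not Triage's own rule code."""
import re
from typing import Dict, List, Tuple

CREATE_SUSPENDED = 0x4  # CreateProcess creation flag used before hollowing

# Constructed trace format: "<pid> <api> k=v k="quoted v" ..."
LINE_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<api>\w+)\s*(?P<args>.*)$")
ARG_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')

Event = Tuple[int, str, Dict[str, str]]


def parse_trace(lines: List[str]) -> List[Event]:
    """Turn trace lines into (pid, api, args) tuples; unparseable lines are skipped."""
    events: List[Event] = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        args = {
            k: (quoted if whole.startswith('"') else bare)
            for k, whole, quoted, bare in ARG_RE.findall(m.group("args"))
        }
        events.append((int(m.group("pid")), m.group("api"), args))
    return events


def detect(events: List[Event]) -> List[str]:
    """Return one finding string per triggered signature, in trace order."""
    findings: List[str] = []
    image_of: Dict[int, str] = {}                    # pid -> own image path
    hollow_stage: Dict[Tuple[int, int], int] = {}    # (pid, target pid) -> stage reached
    next_stage = {"WriteProcessMemory": 1, "SetThreadContext": 2, "ResumeThread": 3}

    for pid, api, a in events:
        if api == "ProcessStart":
            image_of[pid] = a.get("image", "")
        # 1. "Checks computer location settings": a read under the GeoID key (likely geofence)
        elif api.startswith("RegQueryValueEx") and \
                "\\control panel\\international\\geo" in a.get("key", "").lower():
            findings.append(f"{pid}: checks computer location settings ({a.get('value', '?')})")
        # 2. "Suspicious use of SetThreadContext": suspended create -> write -> set context -> resume,
        #    all from the same process against the same target. Out-of-order calls do not advance.
        elif api.startswith("CreateProcess") and int(a.get("flags", "0"), 16) & CREATE_SUSPENDED:
            hollow_stage[(pid, int(a["target"]))] = 1
        elif api in next_stage and "target" in a:
            key = (pid, int(a["target"]))
            if hollow_stage.get(key) == next_stage[api]:
                hollow_stage[key] = next_stage[api] + 1
                if api == "ResumeThread":
                    findings.append(f"{pid}: process hollowing into pid {key[1]} "
                                    f"(SetThreadContext before resume)")
        # 3. "Deletes itself": the process unlinks its own image path
        elif api == "DeleteFileW" and image_of.get(pid) and \
                a.get("path", "").lower() == image_of[pid].lower():
            findings.append(f"{pid}: deletes itself ({a['path']})")
    return findings


# Constructed trace: a loader that checks the GeoID, hollows a child, then removes itself.
# The second process creates a child without CREATE_SUSPENDED and must not trigger rule 2.
SAMPLE_TRACE = [
    '4012 ProcessStart image="C:\\Users\\admin\\Desktop\\XWormBeta_Dos.exe"',
    '4012 RegOpenKeyExW key="HKCU\\Control Panel\\International\\Geo" result=0',
    '4012 RegQueryValueExW key="HKCU\\Control Panel\\International\\Geo" value=Nation result=0',
    '4012 CreateProcessW image="C:\\Windows\\System32\\host.exe" flags=0x4 target=5208',
    '4012 WriteProcessMemory target=5208 addr=0x400000 size=0x1a000',
    '4012 SetThreadContext target=5208 thread=0x2c4',
    '4012 ResumeThread target=5208 thread=0x2c4',
    '4012 DeleteFileW path="C:\\Users\\admin\\Desktop\\XWormBeta_Dos.exe"',
    '5208 CreateProcessW image="C:\\Windows\\System32\\notepad.exe" flags=0x0 target=5300',
    '5208 ResumeThread target=5300 thread=0x1f0',
]

if __name__ == "__main__":
    for finding in detect(parse_trace(SAMPLE_TRACE)):
        print(finding)
```

The hollowing rule is deliberately stateful: SetThreadContext on its own is also used by debuggers and some legitimate runtimes, so it only fires once a suspended-created child has been written to, had its context changed, and then been resumed by the same parent.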