redline | 72ef598f8e69e142e21fef23cff48d2e9e49dcd142c12189656eab3269b454eb | Triage

Submit
Reports

Overview

overview

Static

static

3

a2059ca771...da.exe

windows7-x64

a2059ca771...da.exe

windows10-2004-x64

Sharing

General

Target

a2059ca7715450dc171f7608325744da.exe
Size

45.0MB
Sample

240703-fs5f2ayere
MD5

a2059ca7715450dc171f7608325744da
SHA1

59f73376071e1e81471e8452db1c188340885a2f
SHA256

72ef598f8e69e142e21fef23cff48d2e9e49dcd142c12189656eab3269b454eb
SHA512

8c2ab1eb0e74a35883f35031c80c98ac63301b21350978d3d322aaf1fc9f02fa7f96cf1f824818f04a821c7f50029a8b9d7b423cf488fd9121dfa00cc0f2562b
SSDEEP

786432:m5/faR80BcXAYOuzNYe6NAApOAsExCWUs38wJ/YSGlWfzewb7wrSvMEBE25t:wfiBOAY3j6NB1h/3JJ/YSdfA+vMEBE2r

Score

10^/10

redline xmrig 1 discovery execution exploit infostealer miner pyinstaller

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a2059ca7715450dc171f7608325744da.exe

Resource

win7-20240611-en

redline xmrig 1 discovery execution exploit infostealer miner pyinstaller

windows7-x64

23 signatures

150 seconds

Behavioral task

behavioral2

Sample

a2059ca7715450dc171f7608325744da.exe

Resource

win10v2004-20240611-en

redline xmrig 1 discovery execution exploit infostealer miner pyinstaller

windows10-2004-x64

23 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

1

C2

147.45.78.229:43674

Targets

- Target
  
  a2059ca7715450dc171f7608325744da.exe
- Size
  
  45.0MB
- MD5
  
  a2059ca7715450dc171f7608325744da
- SHA1
  
  59f73376071e1e81471e8452db1c188340885a2f
- SHA256
  
  72ef598f8e69e142e21fef23cff48d2e9e49dcd142c12189656eab3269b454eb
- SHA512
  
  8c2ab1eb0e74a35883f35031c80c98ac63301b21350978d3d322aaf1fc9f02fa7f96cf1f824818f04a821c7f50029a8b9d7b423cf488fd9121dfa00cc0f2562b
- SSDEEP
  
  786432:m5/faR80BcXAYOuzNYe6NAApOAsExCWUs38wJ/YSGlWfzewb7wrSvMEBE25t:wfiBOAY3j6NB1h/3JJ/YSdfA+vMEBE2r
Score

10^/10

redline xmrig 1 discovery execution exploit infostealer miner pyinstaller
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- XMRig Miner payload
  miner
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- Possible privilege escalation attempt
  exploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Query Registry

System Information Discovery

Process Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redlinexmrig1discoveryexecutionexploitinfostealerminerpyinstaller

behavioral2

redlinexmrig1discoveryexecutionexploitinfostealerminerpyinstaller

© 2018-2024

Terms | Privacy