Ah - OK, "redtail" is XMRig version 6.21.2:

XMRIG_VERSION
6.21.2
XMRIG_KIND
miner
XMRIG_HOSTNAME
XMRIG_EXE
XMRIG_EXE_DIR
XMRIG_CWD
XMRIG_HOME_DIR
XMRIG_TEMP_DIR
XMRIG_DATA_DIR
HOSTNAME

#infosec #cybersecurity #cryptojack

.....

Cortex-A77
Cortex-A76AE
Cortex-R52
Cortex-R82
Cortex-M23
Cortex-M33
Neoverse-V1
Cortex-A78
Cortex-A78AE
Cortex-A65AE
Cortex-X1
Cortex-A510
Cortex-A710
Cortex-X2
Neoverse-N2
Neoverse-E1
Cortex-A78C
Cortex-X1C
Cortex-A715
Cortex-X3
Neoverse-V2

#infosec #cybersecurity #cryptojack

.....

ThunderX3-T110
SA110
SA1100
Brahma-B15
Brahma-B53
ThunderX2
ARM810
ARM920
ARM922
ARM926
ARM940
ARM946
ARM966
ARM1020
ARM1022
ARM1026
ARM11 MPCore
ARM1136
ARM1156
ARM1176
Cortex-A5
Cortex-A7
Cortex-A8
Cortex-A9
Cortex-A17
Cortex-A15
Cortex-R4
Cortex-R5
Cortex-R7
Cortex-R8
Cortex-M0
Cortex-M1
Cortex-M3
Cortex-M4
Cortex-M7
Cortex-M0+
Cortex-A32
Cortex-A34
Cortex-A53
Cortex-A35
Cortex-A55
Cortex-A65
Cortex-A57
Cortex-A72
Cortex-A73
Cortex-A75
Neoverse-N1

#infosec #cybersecurity #cryptojack

These are some of the core machines it will run on (quite long):

CPU implementer
CPU part
{} {}
Broadcom
Cavium
FUJITSU
HiSilicon
Nvidia
Qualcomm
Samsung
Marvell
Apple
Faraday
Intel
Phytium
Ampere
Ampere-1
Ampere-1a
FTC660
FTC661
FTC662
FTC663
M1-Pro
M1-Max
M2-Pro
M2-Max
Kunpeng-920
Cortex-A76
A64FX
i80200
PXA250A
PXA210A
i80321-400
i80321-600

#infosec #cybersecurity #cryptojack

It seems "redtail" does a thorough examination of the victim's hardware and then attempts to configure the mining software to run on it. If it can't figure out a valid config, it then farms out the config process to:
https://xmrig.com/wizard

#infosec #cybersecurity #cryptojack

From this I'm making the assumption that this executable is related to cryptocurrency.
I'd guess it's either looking to steal crypto or has intentions of hijacking the CPUs to do mining (Cryptojacking).

#infosec #cybersecurity #cryptojack

... and even more:

rx/test
randomx
randomx/wow
randomwow
randomx/arq
randomarq
randomx/graft
randomgraft
randomx/sfx
randomsfx
randomx/keva
randomkeva
chukwa
chukwav2
argon2/wrkz
argon2/ninja
argon2/chukwav2
argon2/chukwa
argon2
rx/keva
rx/sfx
rx/graft
rx/arq
rx/wow
rx/0
cn/ccx
cn/double
cn/zls
cn/rwz
cn/rto
cn/xao
cn/half
cn/fast
cn/r
cn/2
cn/1
cn/0
UNKNOWN_COIN

#infosec #cybersecurity #cryptojack

After decompressing with upx-ucl and then looking for strings...

cryptonight/0
cryptonight
cryptonight/1
cryptonight-monerov7
cryptonight_v7
cryptonight/2
cryptonight-monerov8
cryptonight_v8
cryptonight/fast
cryptonight/msr
cn/msr
cryptonight/r
cryptonight_r
cryptonight/xao
cryptonight_alloy
cryptonight/half
cryptonight/rto
cryptonight/rwz
cryptonight/zls
cryptonight/double
cryptonight/ccx
cryptonight/conceal
cn/conceal
randomx/0
randomx/test

#infosec #cybersecurity #cryptojack

The redtail executables are packed with:
https://upx.github.io/

#infosec #cybersecurity #cryptojack
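The two posts above describe a manual triage loop: notice the sample is UPX-packed, unpack it with upx-ucl, then run strings and recognise XMRig's algorithm names. The Python below turns that loop into a repeatable check. It is an added example, not code from the thread, XMRig or UPX. The indicator strings are copied from the strings output quoted in the thread; the two sample byte strings are constructed stubs, not real malware; the `upx -d` invocation is the real tool's flag, but the `unpack_with_upx` and `triage_file` helpers and their file naming are assumptions about how you would wire it into a honeypot pipeline.

```python
"""Triage helper for the workflow in the thread: detect UPX packing,
then look for XMRig strings the way strings(1) would after upx -d.

Added example, not code from the thread, XMRig or UPX.
"""
import re
import shutil
import subprocess
from pathlib import Path
from typing import Optional

# Indicator strings copied from the thread's strings output.
# One hit alone is weak ("randomx" also appears in legitimate
# software); several together are a strong miner signal.
XMRIG_INDICATORS = (
    "XMRIG_VERSION", "XMRIG_KIND", "XMRIG_HOSTNAME", "xmrig.com/wizard",
    "randomx", "rx/0", "cn/0", "cn/r", "cryptonight", "argon2/chukwa",
    "UNKNOWN_COIN",
)

# Markers UPX leaves in a packed file: its "UPX!" header magic and the
# UPX0/UPX1 section names. Their absence does not prove "unpacked";
# modified packers strip them, so treat this as a hint only.
UPX_MARKERS = (b"UPX!", b"UPX0", b"UPX1")


def extract_strings(data: bytes, min_len: int = 4) -> list:
    """Mimic strings(1): runs of at least min_len printable ASCII bytes."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(data)]


def is_upx_packed(data: bytes) -> bool:
    return any(marker in data for marker in UPX_MARKERS)


def find_xmrig_indicators(data: bytes) -> list:
    """Return the sorted indicator strings present among the file's strings."""
    found = set()
    for s in extract_strings(data):
        found.update(ind for ind in XMRIG_INDICATORS if ind in s)
    return sorted(found)


def triage(data: bytes) -> dict:
    """Verdict for raw file bytes. A packed file hides most strings, so a
    low hit count on a UPX-marked file means "unpack first", not "clean"."""
    packed = is_upx_packed(data)
    hits = find_xmrig_indicators(data)
    if len(hits) >= 3:
        verdict = "likely_xmrig"
    elif packed:
        verdict = "unpack_and_rescan"
    else:
        verdict = "no_xmrig_strings"
    return {"upx_packed": packed, "xmrig_indicators": hits, "verdict": verdict}


def unpack_with_upx(path: Path) -> Optional[Path]:
    """Run `upx -d` on a copy (the thread used upx-ucl, the same tool),
    leaving the original sample untouched. Returns the unpacked copy, or
    None when upx is not installed or refuses the file. (Assumed helper.)"""
    upx = shutil.which("upx") or shutil.which("upx-ucl")
    if upx is None:
        return None
    out = path.with_name(path.name + ".unpacked")
    shutil.copyfile(path, out)
    result = subprocess.run([upx, "-d", str(out)], capture_output=True)
    return out if result.returncode == 0 else None


def triage_file(path: Path) -> dict:
    """Scan a file; if it looks UPX-packed and upx is available, unpack and rescan."""
    report = triage(path.read_bytes())
    if report["verdict"] == "unpack_and_rescan":
        unpacked = unpack_with_upx(path)
        if unpacked is not None:
            report = triage(unpacked.read_bytes())
            report["unpacked_from"] = str(path)
    return report


# Constructed samples (not real malware bytes): a "packed" stub carrying
# only the UPX magic, and an "unpacked" stub carrying strings from the thread.
PACKED_SAMPLE = b"\x7fELF\x02\x01\x01" + b"\x00" * 9 + b"UPX!" + bytes(range(32))
UNPACKED_SAMPLE = b"\x7fELF\x02\x01\x01" + b"\x00" * 9 + b"\x00".join([
    b"XMRIG_VERSION", b"6.21.2", b"XMRIG_KIND", b"miner",
    b"rx/0", b"cn/r", b"randomx", b"https://xmrig.com/wizard", b"UNKNOWN_COIN",
])


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print(triage_file(Path(sys.argv[1])))
    else:
        print("packed stub:", triage(PACKED_SAMPLE))
        print("unpacked stub:", triage(UNPACKED_SAMPLE))
```

Run it with no arguments to see the two stubs classified, or pass a path such as one of the honeypot uploads to scan a real file. The `unpack_and_rescan` verdict is the important one: a UPX-marked file with few string hits is not evidence of a clean binary, which is exactly why the thread only found the cryptonight and randomx names after unpacking.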

Some examples of a few files uploaded by attackers to the Honeypot system:
SFTP Uploaded file "xinetd"
SFTP Uploaded file "sshd"
SFTP Uploaded file "setup.sh"
SFTP Uploaded file "redtail.x86_64"
SFTP Uploaded file "redtail.i686"
SFTP Uploaded file "redtail.arm8"
SFTP Uploaded file "redtail.arm7"
SFTP Uploaded file "clean.sh"

#infosec #cybersecurity #cryptojack