General
- Target: Minecraft_ver3.1.exe
- Size: 238KB
- Sample: 210714-qghj6e8wb6
- MD5: ee8eaf19a7dc7566de81f80704649d3b
- SHA1: 89075ec02747fd84f36f532244e77ee105893b92
- SHA256: 0c482db22cf1dc6dbc6ee7b678f98275db291fedfe42c4c0413141e00143a882
- SHA512: bceaa7ba6e4133a12771f2487955091e9a507b53688df819d91cbaf5fa3968401a9c84f79c080dbbba7b3359706ae86d6f29badf9536c4d2af258d61a4c1ae1c
Static task: static1
Behavioral task: behavioral1
- Sample: Minecraft_ver3.1.exe
- Resource: win7v20210410
Malware Config
Extracted
- Family: redline
- Botnet: ytmaloy3
- C2: 46.8.19.196:53773
Targets
- Target: Minecraft_ver3.1.exe
- Size: 238KB
- MD5: ee8eaf19a7dc7566de81f80704649d3b
- SHA1: 89075ec02747fd84f36f532244e77ee105893b92
- SHA256: 0c482db22cf1dc6dbc6ee7b678f98275db291fedfe42c4c0413141e00143a882
- SHA512: bceaa7ba6e4133a12771f2487955091e9a507b53688df819d91cbaf5fa3968401a9c84f79c080dbbba7b3359706ae86d6f29badf9536c4d2af258d61a4c1ae1c
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Obfuscated with Agile.Net obfuscator: Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext