Overview

overview

10

Static

static

Minecraft ...on.dll

windows7_x64

1

Minecraft ...on.dll

windows10_x64

1

Minecraft ....2.exe

windows7_x64

10

Minecraft ....2.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Minecraft v3.2.zip

  • Size

    109KB

  • Sample

    210715-jrdlm87z5j

  • MD5

    a883dc99de4fd5f9554257ea4f708ada

  • SHA1

    7789f53746be5d814a3b5718fc491bfbd9d0d33c

  • SHA256

    aeb07f79eb4d5365e382273bcb6416bd43314cfa4f685055c9abb224e297ab1f

  • SHA512

    e6b9f72dc41cb416363148960b5c02bd82fe69f0030612c5b01b6794ef28245dd7f2f15052ec62d0981a404a4ae201f8dbd7d3157147fb61e7ba8439f81632a4

Score
10/10
redlineytmaloy4agilenetcrypteddiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

ytmaloy4

C2

46.8.19.196:53773

Targets

    • Target

      Minecraft v3.2/Activation.dll

    • Size

      961B

    • MD5

      4dca41ade3ea40ac6414fa8b45fc4309

    • SHA1

      8d837c4e53dc6df1289ee7eb1072528a9f7f5204

    • SHA256

      f20625f2f0c3ba9afd25f301aeb6df46b8781883bebbdd0531eab14c715c7c46

    • SHA512

      4d149b71c1220584a3646ced51081580113ab08006ffa05a8e2f42471fd0856ac89f7b99dbfe896a5b0b8c1cee2c3620b68ebbed7bf6f72bcfd613882094b74e

    Score
    1/10
    behavioral1behavioral2

    • Target

      Minecraft v3.2/Minecraft_v3.2.exe

    • Size

      204KB

    • MD5

      242a4e885799f3ee236c3c69ee1756d3

    • SHA1

      1a0210297cb259e5b0a0750bf7eb3407a386836b

    • SHA256

      d35d5b5ff516cdea2f6c27d47a7cf9d922bf14d4c3cef826c80f62aaad07afeb

    • SHA512

      25430d894ea4791edd1edabf757e4bb5a6c3626f552a58ea40c6c9df48ad9b3892dcc9013e54b13432f9579eb96817268b8e82f59cfadca53a709600b03c5279

    Score
    10/10
    redlineytmaloy4agilenetcrypteddiscoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine Payload

    • malware_crypter

      obfuscate malware code.

      crypted

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks