General
-
Target
Minecraft_v4.4.exe
-
Size
195KB
-
Sample
210726-1gnxshwta6
-
MD5
75ae04f0b6f9cef7fd9849e1dc8d6ec5
-
SHA1
64bebd642cae5d4dea5a6853df5a769cc251bb14
-
SHA256
eff4049dba8118d9feb24762301082096710681ee2310cf8afa404898ae6a133
-
SHA512
6688505ce37f5a2ce5e42ed2e92ad446afd8c7888f2c320f7e43c82e87c15f32f510265b23bbf55f0ce54a1d5012c75f480a23f22744ff3a6cc99c39187809e7
Malware Config
Extracted
redline
ytmaloy10
46.8.19.196:53773
Targets
-
-
Target
Minecraft_v4.4.exe
-
Size
195KB
-
MD5
75ae04f0b6f9cef7fd9849e1dc8d6ec5
-
SHA1
64bebd642cae5d4dea5a6853df5a769cc251bb14
-
SHA256
eff4049dba8118d9feb24762301082096710681ee2310cf8afa404898ae6a133
-
SHA512
6688505ce37f5a2ce5e42ed2e92ad446afd8c7888f2c320f7e43c82e87c15f32f510265b23bbf55f0ce54a1d5012c75f480a23f22744ff3a6cc99c39187809e7
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-