General
- Target: Minecraft_v3.1.exe
- Size: 255KB
- Sample: 210727-n79gr4j6fe
- MD5: 5030650a2af4334a14fe50c9217b01d5
- SHA1: 30eb851fc24f8860bef089f8328888762dbdf0db
- SHA256: e3ca302504ca202ce505b69023c686568b74e4342b428807e88882b4b525667f
- SHA512: 8249d36a0653cf733690783f97d79e4faa98ff2830fb817757c5e5aff52dea8205a9a10cccf93d1a821803ccd5929a074c7a6d74378c4a44729c27cb26bbf11c
- Static task: static1
- Behavioral task: behavioral1
- Sample: Minecraft_v3.1.exe
- Resource: win7v20210408
Malware Config
- Extracted
- Family: redline
- Botnet: ytmaloy13
- C2: 46.8.19.196:53773
Targets
- Target: Minecraft_v3.1.exe
- Size: 255KB
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext