General
- Target: Minecraft_v4.4.exe
- Size: 1.3MB
- Sample: 210811-41smgknnd2
- MD5: d60df4a3ea6bce524650ba94f6339e39
- SHA1: 4805dc2d49d362028d48af9142f1abbe313e78c6
- SHA256: 172b6209ca78d8006297f41fded71268689f8b9be88513673af4420c12176c75
- SHA512: 8991e4b8b7b7602c8a8c2ea69bcb537d8d9c176ff79d151a7337334366dd9c637fc057f541298e92194f5a3a346423dfb7eca0a3e0b941b3bde59232ab5dce67
- Static task: static1
- Behavioral task: behavioral1
- Sample: Minecraft_v4.4.exe
- Resource: win7v20210408
Malware Config (extracted)
- Family: redline
- Botnet: boss8
- C2: 109.248.201.150:63757
Targets
- Target: Minecraft_v4.4.exe (1.3MB; MD5, SHA1, SHA256 and SHA512 as listed under General above)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext