Overview

overview

10

Static

static

Valorant S...er.exe

windows7_x64

10

Valorant S...er.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Valorant Skin Changer.exe

  • Size

    322KB

  • Sample

    211015-1fxwmsbee6

  • MD5

    1b2ce585b75dd6ac4252f0c5d81bcc47

  • SHA1

    9c3f77550af38239cd96c487c3c81dab612fe2be

  • SHA256

    0b1f550d5ca453918a4677958e69fe850951123f3bc78650ba2c98fcf6683fb5

  • SHA512

    b84997aa754233c5f838e8131b35d2cdc2133b3cd2e86e44f5a8e7a5bc1ee495137f1b58076006c3a2d141b5bbd3c0889d08a93a7d520a158463fbccf7c0301c

Score
10/10
redline@joindsainfostealerspyware

Malware Config

Extracted

Family

redline

Botnet

@Joindsa

C2

164.132.202.45:20588

Targets

    • Target

      Valorant Skin Changer.exe

    • Size

      322KB

    • MD5

      1b2ce585b75dd6ac4252f0c5d81bcc47

    • SHA1

      9c3f77550af38239cd96c487c3c81dab612fe2be

    • SHA256

      0b1f550d5ca453918a4677958e69fe850951123f3bc78650ba2c98fcf6683fb5

    • SHA512

      b84997aa754233c5f838e8131b35d2cdc2133b3cd2e86e44f5a8e7a5bc1ee495137f1b58076006c3a2d141b5bbd3c0889d08a93a7d520a158463fbccf7c0301c

    Score
    10/10
    redline@joindsainfostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine Payload

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks