General
- Target: Valorant Skin Changer.exe
- Size: 322KB
- Sample: 211015-1fxwmsbee6
- MD5: 1b2ce585b75dd6ac4252f0c5d81bcc47
- SHA1: 9c3f77550af38239cd96c487c3c81dab612fe2be
- SHA256: 0b1f550d5ca453918a4677958e69fe850951123f3bc78650ba2c98fcf6683fb5
- SHA512: b84997aa754233c5f838e8131b35d2cdc2133b3cd2e86e44f5a8e7a5bc1ee495137f1b58076006c3a2d141b5bbd3c0889d08a93a7d520a158463fbccf7c0301c
Static task
- static1
Behavioral task
- behavioral1: Sample Valorant Skin Changer.exe, Resource win7-en-20210920
Behavioral task
- behavioral2: Sample Valorant Skin Changer.exe, Resource win10-en-20211014
Malware Config
Extracted
- Family: redline
- Botnet: @Joindsa
- C2: 164.132.202.45:20588
Targets
- Valorant Skin Changer.exe (322KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
- Score: 10/10
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Suspicious use of NtCreateProcessExOtherParentProcess
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext