General
-
Target
Cheat.exe
-
Size
1.5MB
-
Sample
211023-t4ss9scdc7
-
MD5
f567e7f230994425ae32af49c31fa4b3
-
SHA1
1a446323d5092737c1151635ba65e25a18cdda58
-
SHA256
4a3be4ff2f613bd0389b3c65b0db723f190e83120a4a97abb2063e5c9d2b897a
-
SHA512
86a313994c94e9d8b28470713679336d35e8812c951f18c41e42a4e6fd1cc11bae4d131dd96dd4746e076c4bff33b5e2e7cf0669d76b168eaf6a6021cfd95ef7
Malware Config
Extracted
redline
cheat
194.61.0.151:56384
Targets
-
-
Target
Cheat.exe
-
Size
1.5MB
-
MD5
f567e7f230994425ae32af49c31fa4b3
-
SHA1
1a446323d5092737c1151635ba65e25a18cdda58
-
SHA256
4a3be4ff2f613bd0389b3c65b0db723f190e83120a4a97abb2063e5c9d2b897a
-
SHA512
86a313994c94e9d8b28470713679336d35e8812c951f18c41e42a4e6fd1cc11bae4d131dd96dd4746e076c4bff33b5e2e7cf0669d76b168eaf6a6021cfd95ef7
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-