General
Target: Valorant SkinChanger.exe
Size: 2.3MB
Sample: 211023-te3beadcfn
MD5: 2593da293c10bebca0895f0636e56689
SHA1: 27201a2d876de5c1fc1b735f0f671398ebc6f2a5
SHA256: 9e3f93ae0a1f76351b69714917b3f1cd965b09e2e696964b28d693c14f71f007
SHA512: fa6d250297cf381d5181a81d8efe319cc2f278383e992d98e72823dd37498cd8d04e43e6c8830995f2d8908e09cc2bcd8d1762cf9a2245f5387b2f317f74c469
Static task: static1
Behavioral task: behavioral1
  Sample: Valorant SkinChanger.exe
  Resource: win7-en-20210920
Behavioral task: behavioral2
  Sample: Valorant SkinChanger.exe
  Resource: win10-en-20211014
Malware Config
Targets
Target: Valorant SkinChanger.exe
Score: 10/10
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine Payload
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Drops file in System32 directory