General
Target: CS GO VRedux v1.7.5.exe
Size: 4.2MB
Sample: 211027-shjg2afce2
MD5: d97da7a2fd5029b6889135908fea26f4
SHA1: 3ae3076580e70f04a43937462fa8de641a1ef4fa
SHA256: 0d57b6f5fac7ad9d056c338897137e6f19b0c21e02fd41212c835550a4600c25
SHA512: 804884804f9457d8f6a4d5c1a68d0ae23dda933dad651d6e31b8544c7e1e197e9a60e74206195d7a170dc01b496060db8ae6e714ebaf6dcc4ee35c2b062a1047

Static task
static1

Behavioral task
behavioral1
Sample: CS GO VRedux v1.7.5.exe
Resource: win7-en-20211014

Behavioral task
behavioral2
Sample: CS GO VRedux v1.7.5.exe
Resource: win10-en-20211014

Malware Config
Extracted: redline
Botnet: @suetnovmt
C2: 144.76.156.28:3333

Targets
Target: CS GO VRedux v1.7.5.exe
Size: 4.2MB
MD5: d97da7a2fd5029b6889135908fea26f4
SHA1: 3ae3076580e70f04a43937462fa8de641a1ef4fa
SHA256: 0d57b6f5fac7ad9d056c338897137e6f19b0c21e02fd41212c835550a4600c25
SHA512: 804884804f9457d8f6a4d5c1a68d0ae23dda933dad651d6e31b8544c7e1e197e9a60e74206195d7a170dc01b496060db8ae6e714ebaf6dcc4ee35c2b062a1047
Score: 10/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Signatures
- RedLine Payload
- Suspicious use of NtCreateProcessExOtherParentProcess
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Drops file in System32 directory
- Suspicious use of SetThreadContext