General
- Target: Fivem_Hack.exe
- Size: 324KB
- Sample: 211114-qncwbsgdf8
- MD5: 9754ec8f2ce3f36f0a6109e9e133de0d
- SHA1: b480383e43440e6dd25c12c223c4dc0aa1a2c3f2
- SHA256: 0453f9ed4c91eced248cfb6259286dd3a908dc470240dfae4ec4f41b68b9bc29
- SHA512: dc712713aab342e8a4341a27029972fec3522e9c141c17e3e8a366909c0ffce54b43a5a4d30a649bdbd7331066f9767180dc3b6a0a8cf0276981413e6c9ebe75
Static task: static1
Behavioral task: behavioral1
- Sample: Fivem_Hack.exe
- Resource: win7-en-20211104
Malware Config
- Extracted (redline): 164.132.202.23:35481
- Extracted (redline): xxluchxx1, 212.86.102.63:62907
Targets
- Target: Fivem_Hack.exe, 324KB (MD5, SHA1, SHA256 and SHA512 as listed under General above)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.