General
  Target: StartGame.exe
  Size: 1.8MB
  Sample: 220410-r5vm5sdgf2
  MD5: 42ce47eeeefb5e23381f9017e90ffe5c
  SHA1: fb881e2eee6a9a6f21086db31158b18f78ff3cde
  SHA256: 2b5b9567b52c9d3a03d4d104b6dd965934233aa736cae0f8487bd4bb59dc19b2
  SHA512: 5875388de05ca047a5734c0579e9eb25dc6e9df4d09ee7dcbec99fcaac7b03b8fc6cebff71a61c14a8b3e64d82c0ab4e3fe95900b68429b63a87738538ee392a

Static task: static1

Behavioral task: behavioral1
  Sample: StartGame.exe
  Resource: win7-20220331-en

Behavioral task: behavioral2
  Sample: StartGame.exe
  Resource: win10v2004-20220331-en

Malware Config
  Extracted: redline
  4
  65.108.0.47:9436
  auth_value: f1fb65089329725681df5dbf5a6fe532
Targets
  Score: 10/10
  RedLine
    RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  RedLine Payload
  Accesses cryptocurrency files/wallets, possible credential harvesting
  Suspicious use of SetThreadContext