General
- Target: StartGame.exe
- Size: 1.8MB
- Sample: 220419-qsyctsaecr
- MD5: 7da7ff4e1d62f1925fabe8bf396f672b
- SHA1: 04624641389c317995bdcd4c7af793b273047c7c
- SHA256: 68f5fba7506b5519af2202e9538aa65bef9a6b40de6f01fec7df3a1500b3d85f
- SHA512: 6b3a95bd01745e83f7a05dc1b2026ef714190a4af964e92010cd422c46246356a76efd2e15af5a7833519a7c823884a7b235f95fc99d1263870e3d3533ce3374
Static task: static1
Behavioral task: behavioral1
- Sample: StartGame.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: StartGame.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: redline
- 2
- 65.108.41.163:38151
- auth_value: 8ef2f7e3bf71e827d3411c71c9064440
Targets
- Target: StartGame.exe
- Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext