General

Target: StartGame.exe
Size: 1MB
Sample: 220421-m2ncfaafbq
Score: 10/10
MD5: 25c21aab69d1e63b0c9c60475b802bfd
SHA1: c3821a2f7e19ad83b867be99a43d56980f30640b
SHA256: cd0f9aa670c5bad5db2db4c3b98dca1449863b827a5c83a9f7891a60d97d2363
SHA512: d41fee747cd5e90a79c5d0bdf510f2aee8d5c1d680541b8c4ed9b7d4f5d83c4192eb5b5600ac286e38f4d8a9fd59e6793a7b08e6a9aee030ac7978fbe902441a

Malware Config

Extracted

Family: redline
Botnet: 1
C2: 65.108.3.162:19747

Attributes
auth_value: 95517c2a2f56575288c35d9dfde4a6aa
Targets

Target: StartGame.exe
MD5: 25c21aab69d1e63b0c9c60475b802bfd
Filesize: 1MB
Score: 10/10
Signatures

  • RedLine
    Description: RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine Payload

  • Accesses cryptocurrency files/wallets, possible credential harvesting
    TTPs: Data from Local System; Credentials in Files

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (tactic columns only; per-technique cells were not captured): Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation
Tasks

static1: score N/A
behavioral1: score 1/10
behavioral2: score 10/10