General
Target: StartGame.exe
Size: 1.8MB
Sample: 220425-w2r53achf4
MD5: b1f4951ae02d58add4f4a6a46cc4774c
SHA1: 8f41c9104ad23ca86c273051fae75cb0238d6cf1
SHA256: e34a748ce28475187efe7a9306a5fd20a44a0d40ba606bd5847efb6243267096
SHA512: 46d414281e4a4fb0aeb9749c249cd8007fc44e8b9b6b918eb46e1022bb4057b673adcc07e9c678427a7c35120697cba79ebea760f247fe46a340f36c00b42c52
Static task: static1
Behavioral task: behavioral1 (Sample: StartGame.exe, Resource: win7-20220414-en)
Behavioral task: behavioral2 (Sample: StartGame.exe, Resource: win10v2004-20220414-en)
Malware Config
Extracted: redline
1. 65.108.5.252:43673
auth_value: 95517c2a2f56575288c35d9dfde4a6aa
Targets
Target: StartGame.exe
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext