Overview

overview

10

Static

static

StartGame.exe

windows7_x64

1

StartGame.exe

windows10-2004_x64

10
General
Target

StartGame.exe

Size

1MB

Sample

220425-w3qnmachf6

Score
10/10
MD5

b1f4951ae02d58add4f4a6a46cc4774c

SHA1

8f41c9104ad23ca86c273051fae75cb0238d6cf1

SHA256

e34a748ce28475187efe7a9306a5fd20a44a0d40ba606bd5847efb6243267096

SHA512

46d414281e4a4fb0aeb9749c249cd8007fc44e8b9b6b918eb46e1022bb4057b673adcc07e9c678427a7c35120697cba79ebea760f247fe46a340f36c00b42c52

Malware Config

Extracted

Family

redline
Botnet

1
C2

65.108.5.252:43673
Attributes
auth_value
95517c2a2f56575288c35d9dfde4a6aa
Targets
Target

StartGame.exe

MD5

b1f4951ae02d58add4f4a6a46cc4774c

Filesize

1MB

Score
10/10
SHA1

8f41c9104ad23ca86c273051fae75cb0238d6cf1

SHA256

e34a748ce28475187efe7a9306a5fd20a44a0d40ba606bd5847efb6243267096

SHA512

46d414281e4a4fb0aeb9749c249cd8007fc44e8b9b6b918eb46e1022bb4057b673adcc07e9c678427a7c35120697cba79ebea760f247fe46a340f36c00b42c52

Tags

Signatures

  • RedLine

    Description

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    Tags

  • RedLine Payload

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    Tags

    TTPs

    Data from Local SystemCredentials in Files

  • Suspicious use of SetThreadContext

Related Tasks

behavioral1behavioral2
MITRE ATT&CK Matrix
Collection
Command and Control
    Credential Access
    Defense Evasion
      Discovery
        Execution
          Exfiltration
            Impact
              Initial Access
                Lateral Movement
                  Persistence
                    Privilege Escalation
                      Tasks

                      static1

                      Score
                      N/A

                      behavioral1

                      Score
                      1/10

                      behavioral2

                      Score
                      10/10