General
-
Target
StartGame.exe
-
Size
1.9MB
-
Sample
220426-tnhy5ahahk
-
MD5
34b54e8b6de2b4fb990da8f119c0041f
-
SHA1
db4bf80d3b4007e2f404a923231686f9ba425868
-
SHA256
5d7705859489383576e05748d3b2acff1a8dafac70f8901b75c890db2b82d4f6
-
SHA512
d3dd2c4600d00e1dbd597d0b1e6f38694890e4cce8742a138f9c8f9e4c1b3308e6f54104096b245437f0d2674e0174fa61568902b93e5cec636229cd94fbe6b1
Static task
static1
Behavioral task
behavioral1
Sample
StartGame.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
StartGame.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
redline
1
65.108.5.252:43673
-
auth_value
95517c2a2f56575288c35d9dfde4a6aa
Targets
-
-
Target
StartGame.exe
-
Size
1.9MB
-
MD5
34b54e8b6de2b4fb990da8f119c0041f
-
SHA1
db4bf80d3b4007e2f404a923231686f9ba425868
-
SHA256
5d7705859489383576e05748d3b2acff1a8dafac70f8901b75c890db2b82d4f6
-
SHA512
d3dd2c4600d00e1dbd597d0b1e6f38694890e4cce8742a138f9c8f9e4c1b3308e6f54104096b245437f0d2674e0174fa61568902b93e5cec636229cd94fbe6b1
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-