General
-
Target
SkyBlade.zip
-
Size
3.3MB
-
Sample
220426-tq6szadce9
-
MD5
2fd4dce0446f6486a51f76fa060b4a9c
-
SHA1
ca87023eaa53241836ac88896a250c3e43da83b0
-
SHA256
1cf0da9bcc56cbe8f6903f7663c9e11b77f46830b12a6f5e65a750a5cf6e4a64
-
SHA512
9605d166849fa84b9a43da8c661399b8f8e42a635d7c46c388edf4498550a584fa88c8bb8886983b6f8f7b8f7e3ad84952f7e641571324fbf222d46bcbb295d6
Static task
static1
Behavioral task
behavioral1
Sample
SkyBlade/StartGame.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
SkyBlade/StartGame.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
redline
1
65.108.5.252:43673
-
auth_value
95517c2a2f56575288c35d9dfde4a6aa
Targets
-
-
Target
SkyBlade/StartGame.exe
-
Size
1.9MB
-
MD5
34b54e8b6de2b4fb990da8f119c0041f
-
SHA1
db4bf80d3b4007e2f404a923231686f9ba425868
-
SHA256
5d7705859489383576e05748d3b2acff1a8dafac70f8901b75c890db2b82d4f6
-
SHA512
d3dd2c4600d00e1dbd597d0b1e6f38694890e4cce8742a138f9c8f9e4c1b3308e6f54104096b245437f0d2674e0174fa61568902b93e5cec636229cd94fbe6b1
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-