General
-
Target
StartGame.exe
-
Size
1.3MB
-
Sample
220508-mwtx2agbd4
-
MD5
375ebc4cb338ee7b851f666fe02156d2
-
SHA1
b04930e12e7670501b4291a4bce5814878053a5a
-
SHA256
b462c62d0f14acebdbfde12ca68cd6b749847b73d8483232fe265c80c2d8b1ac
-
SHA512
21fa80fd5e72bda76fd26d0e8a0943599ccd017978c146e3f1182ebcc3f05e45d273c29e599e4d699b2997efe69be0677528fab9df74e73243d53fb66a8ddcd2
Static task
static1
Behavioral task
behavioral1
Sample
StartGame.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
StartGame.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
redline
1
65.108.141.58:38640
-
auth_value
95517c2a2f56575288c35d9dfde4a6aa
Targets
-
-
Target
StartGame.exe
-
Size
1.3MB
-
MD5
375ebc4cb338ee7b851f666fe02156d2
-
SHA1
b04930e12e7670501b4291a4bce5814878053a5a
-
SHA256
b462c62d0f14acebdbfde12ca68cd6b749847b73d8483232fe265c80c2d8b1ac
-
SHA512
21fa80fd5e72bda76fd26d0e8a0943599ccd017978c146e3f1182ebcc3f05e45d273c29e599e4d699b2997efe69be0677528fab9df74e73243d53fb66a8ddcd2
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-