General
Target: Valorant Skin Changer.zip
Size: 246KB
Sample: 220903-er56hahbgp
MD5: 09ba4976d18c0770fe462cc2a4c33cfe
SHA1: 5926797ea94d8b719fe7f844991cac5cdfc95ddc
SHA256: 1c72649a02c1d6d276c9fcb5921cd070de5cc68337b19a63a62893ef8c0a9c8d
SHA512: e530f2586c9c67158064239e3624d74146cb92860257fb69f9e790681f6ed29074fe7dafbca0f42621c467e16c6c83e433413551cdf49cea7d4adfff45a630ab
SSDEEP: 6144:owFu5WCZJVRhp7/+RtsTXjoRMgzYuMwZ9skfqLs0xdmmOkyOyi3v:/FugCZJ5p7/gt0TEPjmkyLLVOkyI3v
Static task: static1
Behavioral task: behavioral1
Sample: Valorant Skin Changer.exe
Resource: win7-20220812-en
Malware Config
Extracted: redline
62.204.41.141:24758
auth_value: b34b8a919a71ed4027bc3f495b7f799e
Targets
Target: Valorant Skin Changer.exe
Size: 463KB
MD5: 614fdab08259badfde733dcb31f7136b
SHA1: f8a4f0bbba13c8590a69b7d3afdb757d8a3349e6
SHA256: 020b635a94c45367c89ec249a40ca829163c988c02ba308d111041245da801cb
SHA512: 2ffd92175f43a63f7e13e22b08cc6ac4fb509667ad9c92c61f531faee4d4428ad7d461fb2071f81bfa1a197ba2ee0bf970eb9cb51cf2cb96c35e9f93620202d4
SSDEEP: 6144:pzCQyNPBUwSu4Tuk7S67FBwmatf37y43VELKSv3s6WWXVibtLmlxXFAOMMsESjL+:wU9uAz3wmatfKXvnWWXctmXFJ0Xj0b
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine payload
- YTStealer payload
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext