General

  • Target

    Roblox Script.exe

  • Size

    2.6MB

  • Sample

    220924-mwat6acebn

  • MD5

    d946c8eb5b9800b374b19a5efcf57d4e

  • SHA1

    701b6659785e5e16c47a60f8ab36b682d8d091ce

  • SHA256

    b4d406a64ff2916fc217ccdb76b2548afbc3e152dc9889025c41c0d68899d245

  • SHA512

    603c264dbd198cf4b479d536d58f28fa30a1aad2eaf46cd6106689430655322c28043677cbeca870ec30d72647f63760245fdc4807cb05e9b412c12c8f91f2aa

  • SSDEEP

    24576:QWqJ4BpIGGNpE/Y4NYCYCCD+EqZM3od/qcLVZWPbCqjAv0aS/zLx1xl3RuQ55315:BqYpIGGN6/YitBIbCGAv0aWzXxl37

Malware Config

Extracted

Family

redline

C2

79.137.192.7:39946

Attributes
  • auth_value

    ee82ee4d2f6b123ebaec71ca778bfe7d
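The indicators in this report (the four file digests in General above and the C2 endpoint extracted from the RedLine config) can be turned directly into a host and network check. The following is an added example and not part of the Triage report: the hashes, C2 address and port are copied from the report, while the file contents and the firewall-style log lines used to exercise the functions are constructed for the example. Matching on all four digests rather than MD5 alone is deliberate, since MD5 and SHA-1 collisions are practical and a single-algorithm match should not be treated as conclusive.

```python
"""IOC check built from the hashes and C2 listed in this report.

Added example, not part of the sandbox report. Indicator values are copied
from the report; sample data and log lines below are constructed.
"""
import hashlib
import re
from typing import Dict, Iterable, List

# Digests of "Roblox Script.exe" as listed in the report's General section.
REPORT_HASHES: Dict[str, str] = {
    "md5": "d946c8eb5b9800b374b19a5efcf57d4e",
    "sha1": "701b6659785e5e16c47a60f8ab36b682d8d091ce",
    "sha256": "b4d406a64ff2916fc217ccdb76b2548afbc3e152dc9889025c41c0d68899d245",
    "sha512": "603c264dbd198cf4b479d536d58f28fa30a1aad2eaf46cd6106689430655322c"
              "28043677cbeca870ec30d72647f63760245fdc4807cb05e9b412c12c8f91f2aa",
}

# C2 endpoint from the extracted RedLine config.
C2_HOST, C2_PORT = "79.137.192.7", 39946

# Match "host:port" only as a whole token: "179.137.192.7:39946" or
# "79.137.192.7:399460" must not count as the C2.
C2_RE = re.compile(rf"(?<![\d.]){re.escape(C2_HOST)}:{C2_PORT}(?!\d)")


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute the same four digests the report lists for an in-memory buffer."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def hash_file(path: str) -> Dict[str, str]:
    """Stream a file through all four hash functions at once (one read pass)."""
    digests = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            for h in digests.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in digests.items()}


def matches_report(digests: Dict[str, str],
                   iocs: Dict[str, str] = REPORT_HASHES) -> List[str]:
    """Return the names of the algorithms whose digest equals the report's.

    Comparison is case-insensitive. The caller should require more than an
    MD5 or SHA-1 hit before acting on the result; a SHA-256 match is strong.
    """
    return [name for name, value in iocs.items()
            if digests.get(name, "").lower() == value.lower()]


def find_c2_connections(log_lines: Iterable[str]) -> List[str]:
    """Return the log lines that record a connection to the report's C2 endpoint."""
    return [line for line in log_lines if C2_RE.search(line)]


# Constructed firewall-style log lines for demonstration (not real traffic).
SAMPLE_LOG = [
    "2022-09-24T10:12:01Z ALLOW TCP 10.0.0.15:51234 -> 79.137.192.7:39946",
    "2022-09-24T10:12:02Z ALLOW TCP 10.0.0.15:51235 -> 179.137.192.7:39946",  # other host
    "2022-09-24T10:12:03Z ALLOW TCP 10.0.0.15:51236 -> 79.137.192.7:443",     # other port
]


if __name__ == "__main__":
    # A constructed buffer does not match; the report's own digests do.
    print("constructed buffer matches:", matches_report(hash_bytes(b"not the sample")))
    print("report digests match:", matches_report(REPORT_HASHES))
    for hit in find_c2_connections(SAMPLE_LOG):
        print("C2 connection:", hit)
```

To check a real file on disk, pass its path to `hash_file` and feed the result to `matches_report`; the `__main__` section only exercises the functions on the constructed inputs so it runs without the sample present.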

Targets

    • Target

      Roblox Script.exe


    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks