General
- Target: private valorant.zip
- Size: 758KB
- Sample: 220930-k4as1sdba8
- MD5: de36e182b72d2cc71de895b538540892
- SHA1: e04a664dd27dbebedf000fca3b377e6a889cbc36
- SHA256: e03979f58b33f0b40c8817f7c2a0106c4a6a51c0b9bd1b8de37435a3b65f0ae1
- SHA512: 693d59435a054338f92c33dfbabce845dc72b135c7179ba9688aa0a664cfef264f1e357db444b53c8a4a24f9510dbc075fa0eb2b010010e69d144d0d19b3d129
- SSDEEP: 12288:Bfdsa2vUz4hFOhuW8Jhl+4YnKg1gtCkjrqyx9GHHQWTPMEemi/kyn5hNcroyBbZh:BlRUohYJhlIn+tCkjrqisn3TEEeRsQza
Static task
- static1

Behavioral task
- behavioral1
  - Sample: private valorant.exe
  - Resource: win7-20220901-en

Behavioral task
- behavioral2
  - Sample: private valorant.exe
  - Resource: win10v2004-20220812-en
Malware Config
Extracted
- redline
  - 62.204.41.141:24758
  - auth_value: 6ecfe2239bb32c15669e8ad6e1fa793c
Targets
- Target: private valorant.exe
  - Size: 2.6MB
  - MD5: 4fe4971ca7dba89c1793b359cfbe8fd5
  - SHA1: 2305e68738b5d6ce615d9386e7030c0120609428
  - SHA256: 20178c4c0448a12445242ade89d2dd6973493c22ec545b45d69193fff0795dbd
  - SHA512: 8da1b49237ccf820a11af103432f2c59f7c538735b54ce7f30cd8c4f3ed5f1f823e98691ff889b4a9088b77fdc65d9ea5afbc51d556f5eb53250a64750c442e5
  - SSDEEP: 24576:Iz/1l1gz6B8BWccYvYhFMdeWQMyGdkYlHGTlNn7zVSYZJYvv9vOLyOkDPl3RuQ5C:6P1gu8BWvq8tEYZJYvv9vODkDPl30
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- XMRig Miner payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Suspicious use of SetThreadContext