General
Target: SecuriteInfo.com.Trojan.PWS.Steam.33515.21594.25697.exe
Size: 535KB
Sample: 221207-v2569aaf3t
MD5: 9f935b74e327153df023aaa48e590f97
SHA1: 7a891cf97f0d875046b6a4c94b8d50d390ac1776
SHA256: 30c4e6d6b4cea0c437e0e230560c991a0f50f2fb1870aeb771c90036dfe25010
SHA512: b47d43482fcd9bd881f329088218fd87c1a7483990c5756ec0ce296f726f327cffea9ba951e564a5ccafe972120be4cccea7ea91093f8fdbc2b375c981a936d9
SSDEEP: 12288:HlAdieNsYHk31Qbkt1EpxYdv45pcbqFIuLDUYRkAj4pUzzVWdiY10P6+/WRc/zNs:HD31QIt1iYv4TcbqFOYRx4pUzzVWdiYu
Static task: static1
Behavioral task: behavioral1
  Sample: SecuriteInfo.com.Trojan.PWS.Steam.33515.21594.25697.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: SecuriteInfo.com.Trojan.PWS.Steam.33515.21594.25697.exe
  Resource: win10v2004-20220901-en
Malware Config
Extracted: redline
  new2811
  jamesmillion.xyz:15772
  auth_value: 86a08d2c48d5c5db0c9cb371fb180937
Targets
Target: SecuriteInfo.com.Trojan.PWS.Steam.33515.21594.25697.exe
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext