General
- Target: PUBGcheat.rar
- Size: 4.6MB
- Sample: 230125-d66j5seg64
- MD5: e8407005cd1755bccc364fe2d0243aba
- SHA1: 483c8b60788e12577990efa6abb010b0b6e75c1f
- SHA256: 8ce129c880942a1c592ae2f77680519cc84488358c5ec6766b1a59fd3b1d644d
- SHA512: 169171ad65cd5986d1b534cde21f8588b7b0f028109d37dfec0ad84e5bb09191c3f1d49ae7bb70c3ca4715c4176e12919a6916cd77755b20ee98ac008bdd9da7
- SSDEEP: 98304:ON/pSAW1DA+AtCBHF8jlNOVsPt8h5kHbCprYDK4OQaqHXc+U:uh8itCBHCnOiChiHOwVHXU

Static task: static1

Behavioral task: behavioral1
- Sample: PUBGcheat/PUPGcheat.exe
- Resource: win7-20220812-en

Malware Config
Extracted: redline
- @foruman
- 45.15.156.155:80
- auth_value: 43c46f5646e17d8eafe7e33654dbc9b9

Targets
- Target: PUBGcheat/PUPGcheat.exe
- Size: 4.2MB
- MD5: e5132ba7ead2678937e0a456b0ec486f
- SHA1: 4ac356f760856bc04cf642ad80746c27dee3071a
- SHA256: a9fc85282672428bc78ca1c87335113361248fc06c5a7cb812d3bb6a80a920c7
- SHA512: 6f99073185a9fc1ceead113969a96e2a7ec2747368ac76cf9da1abbac27a01d0fa16b1e0361b7c1ad786b1942719b682406abf62b47e9cd66c669e8ea764a3cd
- SSDEEP: 98304:dQ5JBs724LGPTXWIYttc22ICEF1xcZeo4TPCpE5j3HfrYs+NjV9:dQj4GPTXfk92ICEF+4TuEp/MtV9

- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.