General
Target: ValorantExternal.rar
Size: 288KB
Sample: 230730-3rbtnabg59
MD5: 3b72a6143fa448c144f1cc58e29b851a
SHA1: eec0b4e9c00bce20f8b34966f5734eb39ad4896f
SHA256: 504aaf3fbd4d0aa32fe7deebd06533d6d1b673c02ad0dd334cc9b351afe1263a
SHA512: 8d3507c1ae0173a56e8aa04ba8ddda33204e7dd86d513bbdd6a77557798ba3f108980dd953053bed55657305a215b92f0ef5a0be23acb2d0fde0e17f05f118cc
SSDEEP: 6144:+Yz8bSlTzhOh2UJ4a740EmpA7kvbp4grZHpYSSZOS8ytqxLbG:+Y6S9zu3Jb77E1kjHBZSZ7tqxLbG
Static task: static1

Behavioral task: behavioral1
  Sample: ValorantExternal v3.4.1.exe
  Resource: win7-20230712-en

Behavioral task: behavioral2
  Sample: ValorantExternal v3.4.1.exe
  Resource: win10v2004-20230703-en
Malware Config
Extracted: redline
  @wtflooool
  94.142.138.4:80
  auth_value: 73b07b01031cf6f2730ccdf9b9448a33

Extracted: laplas
  http://185.209.161.189
  api_key: f0cd0c3938331a84425c6e784f577ccd87bb667cfdb44cc24f97f402ac5e15b7
Targets
Target: ValorantExternal v3.4.1.exe
Size: 978KB
MD5: c36eae4946702af2ff4896cc89f13823
SHA1: 7b136099fa2e6ef706bb88d0ba7c69b4386705a1
SHA256: 55b003f9fc3a0c8b538d04701cb2fb57441bdd24144b69f258eb1df7b74de79e
SHA512: 308cdfe1fb9034f98bf5726608d427e6b3c25656eee5c4003ec0399ea022b88f40b87c4f4acff823f39278237457e93c93f439259212e5d4fd207c2b598292e9
SSDEEP: 12288:me9LrhpIF+G5PMZ619CsajupXmzrgSyszQuUg4sEnduzzercMgO4WvN3NMoqd:p9fhpIwG5PMZ6pgQuUgUnOzU3NB

Signatures
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Suspicious use of SetThreadContext