General
Target: 8 ball pool hack.exe
Size: 313KB
Sample: 240407-s2ggsafh96
MD5: 8c78abfa631325c3160daeda40cd1194
SHA1: 470ab30d818518d07e916217f2b9f03f398e6aaf
SHA256: 9050e489f3b839539e719f73fee921a9b0950ef9af97c09403e647fed8d5198c
SHA512: 7f99b3c5e971dda31166689d1f1c9d2064fc2e8921245b6ffbc9e00f70f8dc0fcd15bd23a24aea72e078620db9b6009f2a2d8979c43f045a5ed76cbde36c883d
SSDEEP: 6144:Xf2YIUEL2cUthDBh8zj2v/TZjLezR3RgZhY4/HLzsTSHeFJEedXgchabr/Nq5:OhMVh8jzR3R+Y4/XsW+Qedwci/Nq
Static task: static1
Behavioral task: behavioral1
Sample: 8 ball pool hack.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 8 ball pool hack.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted family: redline
Botnet: @Ppparanoya1
C2: 45.15.156.167:80
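The hashes in the General block and the C2 in the extracted config are the two indicators an analyst takes away from this report. The following is an added example (not code from the sandbox or from RedLine) that checks a file against all three reported digests and matches the C2 address against connection logs; the hash values and the C2 host/port are copied from the report, while the firewall log layout and the log lines themselves are constructed for the demonstration.

```python
"""Added example: verify a file against the report's digests and find
connections to the extracted RedLine C2 in firewall-style log lines."""
import hashlib
import re

# Indicators copied from the report above
SAMPLE_HASHES = {
    "md5": "8c78abfa631325c3160daeda40cd1194",
    "sha1": "470ab30d818518d07e916217f2b9f03f398e6aaf",
    "sha256": "9050e489f3b839539e719f73fee921a9b0950ef9af97c09403e647fed8d5198c",
}
C2_HOST = "45.15.156.167"
C2_PORT = 80


def file_hashes(data: bytes) -> dict:
    """MD5, SHA1 and SHA256 of the bytes, the digests the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def is_reported_sample(data: bytes) -> bool:
    """True only when every digest matches; a lone MD5 hit is not trustworthy."""
    computed = file_hashes(data)
    return all(computed[name] == digest for name, digest in SAMPLE_HASHES.items())


# Assumed (hypothetical) firewall export layout:
#   "<timestamp> src=IP:PORT dst=IP:PORT proto=tcp bytes=N"
DST_RE = re.compile(r"\bdst=(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\b")


def find_c2_hits(log_lines):
    """Return connections whose parsed destination is the extracted C2 host.

    Comparing the parsed field instead of searching for a substring avoids the
    false positive a plain search raises on 145.15.156.167. The configured port
    is 80, but the port number alone does not make the traffic HTTP, so hits on
    other ports are kept and flagged rather than dropped.
    """
    hits = []
    for line in log_lines:
        m = DST_RE.search(line)
        if m is None:
            continue
        ip, port = m.group(1), int(m.group(2))
        if ip != C2_HOST:
            continue
        hits.append({"line": line, "dst_port": port, "port_matches": port == C2_PORT})
    return hits


# Constructed log lines for the demonstration; not real traffic
CONSTRUCTED_LOG = [
    "2024-04-07T12:00:01Z src=10.0.0.5:51234 dst=45.15.156.167:80 proto=tcp bytes=1432",
    "2024-04-07T12:00:02Z src=10.0.0.5:51235 dst=145.15.156.167:80 proto=tcp bytes=320",
    "2024-04-07T12:00:03Z src=10.0.0.9:51300 dst=93.184.216.34:443 proto=tcp bytes=9981",
    "2024-04-07T12:05:10Z src=10.0.0.5:51240 dst=45.15.156.167:443 proto=tcp bytes=77",
]

if __name__ == "__main__":
    for hit in find_c2_hits(CONSTRUCTED_LOG):
        flag = "" if hit["port_matches"] else " (port differs from config)"
        print(f"C2 contact: {hit['line']}{flag}")
    print("unrelated buffer matches the sample:", is_reported_sample(b"not the sample"))
```

Because RedLine operators rotate C2 addresses between builds, the IP:port pair dates quickly; the botnet ID and the code-level signatures below are the more durable handles.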
Targets
Target: 8 ball pool hack.exe
Signatures
RedLine
RedLine Stealer is an information-stealing malware family written in C# (.NET), first seen in early 2020. It is sold as a service, so the botnet ID and C2 in the extracted config identify one operator's build rather than the family as a whole.
RedLine payload
A RedLine stealer payload was identified in the sample.
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, its Wow6432Node mirror and the HKCU equivalent) to enumerate software on the system; the stealer includes this inventory in the host profile it sends to the C2.
Suspicious use of SetThreadContext
SetThreadContext is the call a loader makes after writing a payload into a process it created suspended (process hollowing or thread hijacking) to redirect execution into the injected code. Debuggers use the same API, so treat the hit as a strong signal only together with a CREATE_SUSPENDED child, WriteProcessMemory into it and a subsequent ResumeThread.