General
-
Target
minecraftcheat.exe
-
Size
5.0MB
-
Sample
240727-nmktfazgja
-
MD5
64fafd3369956375e0ac1c9ef85c2002
-
SHA1
c53f2f752edaeb5453d73aaf89b6fed216d6cfb6
-
SHA256
6cd6ec0104f52d232dfe5c59b00e87d24490a7774e154233d467b8887616d1a6
-
SHA512
344328457469fc29e8a8af21027becc146c1407e39f62475b62760a7411135c953362fded218507845277909a20d1774d224245797166a8f19dffced2a8c800a
-
SSDEEP
1536:5qsCbqDylbG6jejoigIj43Ywzi0Zb78ivombfexv0ujXyyed233tmulgS6p8l:XEwiYj+zi0ZbYe1g0ujyzdn8
Behavioral task
behavioral1
Sample
minecraftcheat.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
minecraftcheat.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
redline
cheat
194.55.186.129:26644
Targets
-
-
Target
minecraftcheat.exe
-
Size
5.0MB
-
MD5
64fafd3369956375e0ac1c9ef85c2002
-
SHA1
c53f2f752edaeb5453d73aaf89b6fed216d6cfb6
-
SHA256
6cd6ec0104f52d232dfe5c59b00e87d24490a7774e154233d467b8887616d1a6
-
SHA512
344328457469fc29e8a8af21027becc146c1407e39f62475b62760a7411135c953362fded218507845277909a20d1774d224245797166a8f19dffced2a8c800a
-
SSDEEP
1536:5qsCbqDylbG6jejoigIj43Ywzi0Zb78ivombfexv0ujXyyed233tmulgS6p8l:XEwiYj+zi0ZbYe1g0ujyzdn8
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-