General
-
Target
R B X 1 2 5.rar
-
Size
9.7MB
-
Sample
240815-nmacpsvanr
-
MD5
775d1f7409c0507d2864d7bd283ef914
-
SHA1
fc28466f13da0f88cde02bd70b79e8a3f093c4e3
-
SHA256
0bf30e9e9446bb909d3459669312f5982f6af0a3dd1d61eb141c386785b52331
-
SHA512
f3e190834aca8fa56683148ce012622360fdc575eccb6a667021df6d92cd260a57689fc7b9ca3ff47bcbeac1f2f4a8679fb46228751e8756a6925f4018cf6573
-
SSDEEP
196608:pzg44wZIYG1SyNmDfJjO8pMjHWXjBawNBxm2gMTHNV4Y/ry++jn5H9I:m5wZIL1TCEXjHwBawzxNnrG5j5G
Behavioral task
behavioral1
Sample
R B X 1 2 5/Roblox Executor.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
R B X 1 2 5/Roblox Executor.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
redline
185.196.9.26:6302
Targets
-
-
Target
R B X 1 2 5/Roblox Executor.exe
-
Size
610KB
-
MD5
2744b07299dfa1999cff269ea72a2b80
-
SHA1
8f1527af2b2b9f0134d834ab959902ac99b9783f
-
SHA256
91791c26f8831977e9d0b64d25e4e699b6b4e8360377ce3bfec803c5683470ce
-
SHA512
724d7154965865a626b5369afff7d911198d9d9bef728cde2680a0f09565520b69044d21bf063bce5246b52bdad5c46636dd1c1b73a1e0183272a9c1f27be3ab
-
SSDEEP
12288:s/4LI3Kvjc6xh0J5P4bEPcL9XTWMsmNkBFV2KpkL9nI9rNtFamI3v6WZDtWdD+A5:4B3P6IR4bEPU
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1