General
- Target: 5031f42bb5fc965f36d16c261032db382e9746ecbd58cda03fa40ef286738a74
- Size: 11.3MB
- Sample: 241108-kvm2zszcja
- MD5: 3e54734beeaab8a1fde7ae62163ef97f
- SHA1: 0d7de22c9534ff452cf0104a484df9c3718de10f
- SHA256: 5031f42bb5fc965f36d16c261032db382e9746ecbd58cda03fa40ef286738a74
- SHA512: 0bd34c8af6917bb636d67520ded3539f189fd7c652be7de5e194fb164cbba9fd39a7096521f6f946e5189fa94940fc08c01a2237d9088d588e72712255fa3998
- SSDEEP: 196608:bD3EqO0VD50ms/HF/y/LUtvUIXQWSbANfzDn3KeEDH1FtMKny/9opxM9yIm:PXJ5VsPF0LIvKTURf3KeED3Qmi1m
Static task
- static1
Behavioral tasks (task: sample, resource)
- behavioral1: FORTNITECHEAT.exe, win7-20240903-en
- behavioral2: FORTNITECHEAT.exe, win10v2004-20241007-en
- behavioral3: Installer2.exe, win7-20240729-en
- behavioral4: Installer2.exe, win10v2004-20241007-en
- behavioral5: Zeus.exe, win7-20240903-en
- behavioral6: Zeus.exe, win10v2004-20241007-en
- behavioral7: installer.exe, win7-20241010-en
- behavioral8: installer.exe, win10v2004-20241007-en
- behavioral9: lnjector.exe, win7-20240708-en
- behavioral10: lnjector.exe, win10v2004-20241007-en
- behavioral11: setup.exe, win7-20241023-en
Malware Config
Extracted: redline
- 82.115.223.46:57672
- 176.113.115.7:2883
- 168.119.228.126:11552
- auth_value: 65fba98f55adb38b082f2f52949a5552
Extracted: vidar
- 1.8
- 670
- https://t.me/year2023start
- https://steamcommunity.com/profiles/76561199467421923
- http://65.108.93.119:80
- profile_id: 670
Extracted: redline
- @foruman
- 82.115.223.138:35316
- auth_value: 07b91b1fbc2cf38591e4b4015a53bf5c
Extracted: redline
- 0116
- 81.161.229.143:26910
- auth_value: 35f84f965c2ecd5ec79c6b3e71986b0d
Targets
Target: FORTNITECHEAT.exe
- Size: 236KB
- MD5: 205a1f643c7f26603dc645b515a8900d
- SHA1: 0b7ffb1768dbfc50f1976c1088786d51fa6ec39f
- SHA256: 2e68d477438ee0ed7b4d44635867a3fbee80d63436e5c780eb3d5ec554b0e713
- SHA512: d4a432d1959268ea9cbd345aa1da8f0c3e3de8c559df02fe4e5eb1d5b5ff94ecf1edb56cff4ad6e6e89253967f567b194d255b9000c7e58c4780878dccddee52
- SSDEEP: 3072:YWsC/69uHTRv/pUXxtHchIb2SyEz6itegZP7iyi1pkOiK6JPytw:KC/69cV/pYxxck2OHFQpkOTQ
- Score: 10/10
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Suspicious use of SetThreadContext

Target: Installer2.exe
- Size: 425KB
- MD5: 40dc8f4a6bfb79a50691143b66fa2ff3
- SHA1: 5f051dfe0134e4a1002dda56670f7d1cde6c5bdf
- SHA256: 9190fb6dc4fe6f169c44804424dcfd418a373a0200aa4618c2ea0005a197e91c
- SHA512: db2ac9c43e931fa235f79904dcd02d4ef8c25109638a4a7601dc5ecac480c99761925d9105ff0b96e909230dd1d25d48859d409333fa7dbf7b6db4b038320549
- SSDEEP: 12288:WOkKE07y8D09eRqFSZdg19n9Q9l9h9K9W9v9919z9b9u9U9f9e9b98989l9R9d9G:sky8OWqFSI19n9Q9l9h9K9W9v9919z93
- Score: 10/10
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext

Target: Zeus.exe
- Size: 515.0MB
- MD5: bb740560995911865bf11afaa73582a3
- SHA1: b0503aec0a704e8352f3a343c48e8f652e2a4713
- SHA256: 643952a1c34cc68716a42cc78bc1f4684e14cd30706de64df46d9d4c928045ea
- SHA512: c97c8702fb820d95a0cbecccc17b4a759956b89305535f3bb45952700732e69fac8c38cf6be6f1041844745734a30a6fbe28b93639d291f93d0dbb202941cda6
- SSDEEP: 24576:5IkpALgZ27qdFQxRYivpsR6zD3UGveZCIrB/1e3UC6zEjmTz7r4ygjzJwlywteLG:PpAXFOPZEjmfPmF8UCLVlUIY0
- Score: 10/10
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Suspicious use of SetThreadContext

Target: installer.exe
- Size: 1.3MB
- MD5: 4ca8d5fd296026e9594929feea52990e
- SHA1: 3d70526e7f8bbd05e64b6e195ad9cd6644fc65c3
- SHA256: fc09addb668c15983de03593dd8f182261f3957c3dc02fbf2653820858810fa9
- SHA512: 15180308f09e989efb174cc022ad54078f6e66872c96e1027f8f36fcd37cb5b596a566b66e1935d853fc54fade05ba4179e81218c3b7952953677a7378a82712
- SSDEEP: 24576:odGlKVNT2CqjiK7VhmD2beSmNPiQ4SEqxgHY:o8lCkFz/O27mNKToxN
- Score: 10/10
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Redline family
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext

Target: lnjector.exe
- Size: 500.5MB
- MD5: 56cb97e07b3367190cea9bb199bc152e
- SHA1: cf8e2cb67cfd695ce46126a086ad970818330cda
- SHA256: 01af0abb5a482d088222df1a4b4035ef86f643bc2537b161227bab8715dea6bb
- SHA512: 0cf64f84e628e035b284a91fae51708cf25b78a075692df26211c74f2379fe72612bba98310bd540967ba79f570ae93c44b48505c5a324d05257c61829c7e042
- SSDEEP: 12288:DoqTPMr/tw5cy8TOtn2C7LwUDEzM54tESMCgL:DoqTUr/tw5cy2C77+aZ5
- Score: 10/10
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext

Target: setup.exe
- Size: 6.5MB
- MD5: e8e5283ad4683f8dcc018d5769e473dd
- SHA1: d5c41f15a6fc28050e02bff6c3ab357fa0f99642
- SHA256: b885e915e529bb54f5d219617b77c6369300cf72a50348a37083d21f3a8345e6
- SHA512: 8f8732c076a76abeb3ccc49215d7c201eea584bc8060df2f38cec3682bb6fbe976934ab73ba33d32e7d1e45dae271acf0fd8716c0847cab3bf930376e8f2173d
- SSDEEP: 98304:rcLWt2jT+gKF5ENbYMyKFUB47Kh1Fpn50pOFXc2g/uu6J7Hr1x9ucbu8:wb3+XONbg0zIv5o2Xc2g/u9JHr1ycz
- Vidar family
- Suspicious use of NtSetInformationThreadHideFromDebugger