General
-
Target
https://www.mediafire.com/folder/3wn6d92zh2xhh/ROBLOXEXECUTOR
-
Sample
240625-bz66zsxajl
Score
10/10
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://www.mediafire.com/folder/3wn6d92zh2xhh/ROBLOXEXECUTOR
Resource
win10v2004-20240611-en
16 signatures
150 seconds
Malware Config
Extracted
Family
redline
C2
185.196.9.26:6302
Extracted
Family
lumma
C2
https://pepperdignitytaciw.shop/api
https://publicitycharetew.shop/api
https://computerexcudesp.shop/api
https://leafcalfconflcitw.shop/api
https://injurypiggyoewirog.shop/api
https://bargainnygroandjwk.shop/api
https://disappointcredisotw.shop/api
https://doughtdrillyksow.shop/api
https://facilitycoursedw.shop/api
Targets
-
-
Target
https://www.mediafire.com/folder/3wn6d92zh2xhh/ROBLOXEXECUTOR
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-