General
-
Target
https://github.com/search?q=valorant+cracked&type=repositories&s=updated&o=desc
-
Sample
240628-sl1wgsyajm
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://github.com/search?q=valorant+cracked&type=repositories&s=updated&o=desc
Resource
win10-20240404-en
30 signatures
1200 seconds
Malware Config
Extracted
Family
redline
C2
185.196.9.26:6302
Targets
-
-
Target
https://github.com/search?q=valorant+cracked&type=repositories&s=updated&o=desc
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Creates new service(s)
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-