General
-
Target
https://github.com/picker2svak/wVALORANTBLACKw/blob/main/Click%20here%20to%20Download.md
-
Sample
240628-x92vxazdre
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://github.com/picker2svak/wVALORANTBLACKw/blob/main/Click%20here%20to%20Download.md
Resource
win10v2004-20240611-en
31 signatures
600 seconds
Malware Config
Extracted
Family
redline
C2
185.196.9.26:6302
Targets
-
-
Target
https://github.com/picker2svak/wVALORANTBLACKw/blob/main/Click%20here%20to%20Download.md
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
XMRig Miner payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Creates new service(s)
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-