General
Target: bddb6d6ce4d658895dd74b7fee47fada
Size: 1.5MB
Sample: 220731-r6z91shdhm
MD5: bddb6d6ce4d658895dd74b7fee47fada
SHA1: 944ff4b281d0082b89bdfe8fcdb1a5d4a03eca8c
SHA256: 145877ca20956bebfae598ae4d4ac8c635c73ec5f7b6c34d6fdd024648f576f9
SHA512: b75ba8c0ce2df4b86bd6fda7022e4b67159798490eab9e0635baf2e68ed7dc67428707c6cc4d0f841d2025fde8f33312430e8b44fff3956a4aee5ce39a317c1a
Static task: static1
Behavioral task: behavioral1 (Sample: bddb6d6ce4d658895dd74b7fee47fada.exe; Resource: win7-20220715-en)
Behavioral task: behavioral2 (Sample: bddb6d6ce4d658895dd74b7fee47fada.exe; Resource: win10v2004-20220721-en)
Malware Config
Extracted
Family: redline
Botnet: TORRENTOLD
C2: amrican-sport-live-stream.cc:4581
auth_value: 74e1b58bf920611f04c0e3919954fe05
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext