General
- Target: e0651a5be1a28da97d1054c8542c0b9b0b734e05c67d7c2da49123d52e24e32d
- Size: 506KB
- Sample: 220731-slctnahfep
- MD5: bbe853da213fd6b783a08eafc2d4cad0
- SHA1: 45cdd1c02bc98e86073f4ab3caa2b034b29c98ad
- SHA256: e0651a5be1a28da97d1054c8542c0b9b0b734e05c67d7c2da49123d52e24e32d
- SHA512: 04505ac1afeed23d9495eb3a63838b371e541272da0daf0359229a2a5e18532928047f46e59d1acd55d3e78d0fb9e0226a87cda20ae5c47a15bdc047bf26da4f
Static task: static1
Behavioral task: behavioral1
- Sample: e0651a5be1a28da97d1054c8542c0b9b0b734e05c67d7c2da49123d52e24e32d.exe
- Resource: win10v2004-20220722-en
Malware Config
Extracted: redline
- TPB-ACTIVATOR
- amrican-sport-live-stream.cc:4581
- auth_value: df7c91432437b11d8f25d54ba7832b8d
Targets
- Target: e0651a5be1a28da97d1054c8542c0b9b0b734e05c67d7c2da49123d52e24e32d
- Size: 506KB
- MD5: bbe853da213fd6b783a08eafc2d4cad0
- SHA1: 45cdd1c02bc98e86073f4ab3caa2b034b29c98ad
- SHA256: e0651a5be1a28da97d1054c8542c0b9b0b734e05c67d7c2da49123d52e24e32d
- SHA512: 04505ac1afeed23d9495eb3a63838b371e541272da0daf0359229a2a5e18532928047f46e59d1acd55d3e78d0fb9e0226a87cda20ae5c47a15bdc047bf26da4f
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext