General
Target: tmp
Size: 784KB
Sample: 220801-w2w41sfha4
MD5: 43089a1a50b1981a4dba7959e31e62f1
SHA1: c8db527eba66719e365672a17bd1eddc2085de9a
SHA256: 4fb57da6d703e8bebfdd51b7f579fb36127eee300880eeb5ca2be3f00cce154e
SHA512: 2777758eff7684d51ca8bc060f0652c14ef6999375061262acb5a741a2c927cfefe46bbbe733530777bd1d08893cce8e7f0631e157ff2069f6c75c5f3624b0fa
Static task: static1
Behavioral task: behavioral1
  Sample: tmp.exe
  Resource: win7-20220715-en
Behavioral task: behavioral2
  Sample: tmp.exe
  Resource: win10v2004-20220721-en
Malware Config
Extracted: redline
TORRENTOLD
amrican-sport-live-stream.cc:4581
auth_value: 74e1b58bf920611f04c0e3919954fe05
Targets
Target: tmp
Size: 784KB
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext