General

Target: 141.98.6.236_-_TPBActivetor_-_ZvfejoxpnTPBA-1.exe___f84905c8ef2f1a66d371f78f5eef018c.dat
Size: 783KB
Sample: 220805-f8jt9sfea6
MD5: f84905c8ef2f1a66d371f78f5eef018c
SHA1: db9b70232eec3d62d2c7bb6a2ae2bdb637286760
SHA256: dcf6833e580432fec0174bdb64dced1e9e9abf086a77a5799138d807499a22f7
SHA512: ffe297457c73e1497a7dea57ede5ad4b2c694c6b785d7981454b860aae72a176f656ab6903d931a76fabe26f7ae12c6eb547b179402a1cb9d934701fe214140f

Static task: static1
Behavioral task: behavioral1
Sample: 141.98.6.236_-_TPBActivetor_-_ZvfejoxpnTPBA-1.exe___f84905c8ef2f1a66d371f78f5eef018c.exe
Resource: win7-20220718-en
Behavioral task: behavioral2
Sample: 141.98.6.236_-_TPBActivetor_-_ZvfejoxpnTPBA-1.exe___f84905c8ef2f1a66d371f78f5eef018c.exe
Resource: win10v2004-20220721-en
Malware Config

Extracted
Family: redline
Botnet: TPB-ACTIVATOR
C2: amrican-sport-live-stream.cc:4581
auth_value: df7c91432437b11d8f25d54ba7832b8d

The three extracted values are the C2 endpoint (host:port) the client connects to, the botnet/campaign ID it reports under, and the authentication value it presents to the panel. The botnet ID and auth_value identify this build and campaign and are useful for clustering related samples; the C2 host and port are the values to hunt for in DNS, proxy and flow telemetry.
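How a practitioner would turn the config above into something actionable, as an added example (not part of the sandbox report): the hashes and C2 endpoint are copied from the report, the log lines are constructed for the demonstration, and the log format is assumed. The matcher accepts the C2 domain and its subdomains, rejects lookalike labels such as `xamrican-sport-live-stream.cc`, and distinguishes a bare name lookup from a connection on the configured port.

```python
"""Hunting with the extracted RedLine config above.

Added example, not part of the sandbox report. Indicator values are copied
from the report; the log lines and their format are constructed.
"""
import hashlib
import re

# Hashes of the analysed file, as listed in the report.
REPORT_HASHES = {
    "md5": "f84905c8ef2f1a66d371f78f5eef018c",
    "sha1": "db9b70232eec3d62d2c7bb6a2ae2bdb637286760",
    "sha256": "dcf6833e580432fec0174bdb64dced1e9e9abf086a77a5799138d807499a22f7",
    "sha512": "ffe297457c73e1497a7dea57ede5ad4b2c694c6b785d7981454b860aae72a176f656ab6903d931a76fabe26f7ae12c6eb547b179402a1cb9d934701fe214140f",
}
# Extracted C2 endpoint (host:port) from the config block.
C2 = "amrican-sport-live-stream.cc:4581"

# Constructed log lines (DNS resolver and forward proxy); not from the report.
SAMPLE_LOGS = [
    "2022-08-05T06:41:12Z dns client=10.0.0.15 query=amrican-sport-live-stream.cc. type=A",
    "2022-08-05T06:41:13Z proxy client=10.0.0.15 CONNECT amrican-sport-live-stream.cc:4581",
    "2022-08-05T06:42:00Z dns client=10.0.0.22 query=xamrican-sport-live-stream.cc. type=A",
    "2022-08-05T06:43:09Z dns client=10.0.0.15 query=cdn.example.com. type=A",
    "2022-08-05T06:44:30Z proxy client=10.0.0.31 CONNECT update.amrican-sport-live-stream.cc:443",
]


def digests(data: bytes) -> dict:
    """Compute all four reported digests in a single pass over the data."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches_report(data: bytes) -> bool:
    """True only if every reported digest matches, i.e. this is the same file."""
    actual = digests(data)
    return all(actual[name] == REPORT_HASHES[name] for name in REPORT_HASHES)


def parse_c2(c2: str) -> tuple:
    """Split 'host:port' into a normalised (host, port) pair."""
    host, _, port = c2.rpartition(":")
    return host.lower().rstrip("."), int(port)


def c2_pattern(host: str):
    """Match the C2 domain or any subdomain of it as a whole label sequence.

    A preceding '.' is allowed (subdomain), a preceding or following label
    character is not, so 'xamrican-sport-live-stream.cc' does not hit.
    A trailing '.' (DNS FQDN form) is tolerated.
    """
    return re.compile(r"(?<![a-z0-9-])" + re.escape(host) + r"\.?(?![a-z0-9-])")


def hunt(lines, c2: str = C2) -> list:
    """Return (line number, kind) for lines referencing the C2 host.

    kind is 'connect' when the host is followed by the configured port and
    'lookup' when only the host appears (e.g. a DNS query or another port).
    """
    host, port = parse_c2(c2)
    pat = c2_pattern(host)
    port_re = re.compile(r":%d(?!\d)" % port)
    hits = []
    for n, line in enumerate(lines, 1):
        lw = line.lower()
        m = pat.search(lw)
        if not m:
            continue
        kind = "connect" if port_re.match(lw[m.end():]) else "lookup"
        hits.append((n, kind))
    return hits


if __name__ == "__main__":
    for n, kind in hunt(SAMPLE_LOGS):
        print("%s line %d: %s" % (kind, n, SAMPLE_LOGS[n - 1]))
```

Matching on the bare port alone is deliberately not done: 4581 on its own is too noisy to page on, while the domain (with or without the port) is specific to this config. `matches_report` is what you run against a file pulled from a host to confirm it is this exact sample rather than a repacked sibling.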
Targets

Target: 141.98.6.236_-_TPBActivetor_-_ZvfejoxpnTPBA-1.exe___f84905c8ef2f1a66d371f78f5eef018c.dat (783KB; hashes as listed under General)

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Accesses cryptocurrency files/wallets, possible credential harvesting
This is a file-access heuristic: the sample touched paths associated with wallet and credential stores. The report does not show what, if anything, was read or sent.

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Suspicious use of SetThreadContext
SetThreadContext replaces a thread's register state. Combined with a child process created suspended and written to, it is the classic process-hollowing primitive; the report records only the call, not the target process or the injected payload.
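Sandbox signatures like the two above are matched against a trace of hooked API calls. The page gives only the signature names and one description, so the following added example (our code, not the sandbox's signature engine) re-derives both on a constructed trace: the registry signature counts subkey enumerations of an opened Uninstall key, tracking handles so a reused handle value on an unrelated key does not count, and the SetThreadContext signature is narrowed to the hollowing shape (child created CREATE_SUSPENDED, written to, context replaced, resumed), which is the general pattern and not something the report confirms for this sample. The API field names and the child image path are assumptions.

```python
"""Re-deriving two behavioural signatures from an API-call trace.

Added example, not the sandbox's own signature code. The trace is constructed
to contain both patterns; field names and the child image path are ours.
"""
from collections import defaultdict

UNINSTALL_KEY = r"\microsoft\windows\currentversion\uninstall"
CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit for CreateProcess

# Constructed trace: (caller pid, API name, arguments). Not from the report.
TRACE = [
    (1200, "RegOpenKeyExW", {"key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall", "handle": 0x1C4}),
    (1200, "RegEnumKeyExW", {"handle": 0x1C4, "index": 0}),
    (1200, "RegEnumKeyExW", {"handle": 0x1C4, "index": 1}),
    (1200, "RegEnumKeyExW", {"handle": 0x1C4, "index": 2}),
    (1200, "RegCloseKey", {"handle": 0x1C4}),
    (1200, "RegOpenKeyExW", {"key": r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall", "handle": 0x1C4}),
    (1200, "RegEnumKeyExW", {"handle": 0x1C4, "index": 0}),
    (1200, "RegCloseKey", {"handle": 0x1C4}),
    # Handle value 0x1C4 is reused for an unrelated key; its enumeration must not count.
    (1200, "RegOpenKeyExW", {"key": r"HKCU\Software\Classes", "handle": 0x1C4}),
    (1200, "RegEnumKeyExW", {"handle": 0x1C4, "index": 0}),
    # Hollowing shape: suspended child, write, context swap, resume (constructed path).
    (1200, "CreateProcessW", {"image": r"C:\constructed\child.exe", "flags": CREATE_SUSPENDED, "pid": 1340, "tid": 1344}),
    (1200, "WriteProcessMemory", {"target_pid": 1340}),
    (1200, "SetThreadContext", {"tid": 1344}),
    (1200, "ResumeThread", {"tid": 1344}),
]

# Benign use of the same API: a debugger-style caller changes a thread's context
# without having created that thread suspended or written into its process.
BENIGN_TRACE = [
    (900, "SetThreadContext", {"tid": 4100}),
    (900, "ResumeThread", {"tid": 4100}),
]


def enumerates_installed_software(trace, min_enum=3):
    """Signature 'Checks installed software on the system'.

    A process opens an Uninstall key (native or WOW6432Node) and enumerates
    its subkeys. Open handles are tracked per (pid, handle) and forgotten on
    RegCloseKey. Returns the set of pids with at least min_enum enumerations.
    """
    open_keys = {}                 # (pid, handle) -> lower-cased key path
    enum_count = defaultdict(int)  # pid -> enumerations of Uninstall subkeys
    for pid, api, a in trace:
        if api == "RegOpenKeyExW":
            open_keys[(pid, a["handle"])] = a["key"].lower()
        elif api == "RegCloseKey":
            open_keys.pop((pid, a["handle"]), None)
        elif api == "RegEnumKeyExW":
            key = open_keys.get((pid, a["handle"]), "")
            if key.endswith(UNINSTALL_KEY):
                enum_count[pid] += 1
    return {pid for pid, n in enum_count.items() if n >= min_enum}


def suspicious_set_thread_context(trace):
    """Signature 'Suspicious use of SetThreadContext', narrowed to hollowing.

    Flags a caller that creates a child CREATE_SUSPENDED, writes into it,
    replaces the initial thread's context and then resumes it. A bare
    SetThreadContext without that history is ignored.
    """
    suspended = {}   # tid -> (creator pid, child pid)
    written = set()  # (writer pid, target pid)
    armed = set()    # tids whose context the creator replaced after a write
    hits = []
    for pid, api, a in trace:
        if api == "CreateProcessW" and a["flags"] & CREATE_SUSPENDED:
            suspended[a["tid"]] = (pid, a["pid"])
        elif api == "WriteProcessMemory":
            written.add((pid, a["target_pid"]))
        elif api == "SetThreadContext" and a["tid"] in suspended:
            creator, child = suspended[a["tid"]]
            if pid == creator and (pid, child) in written:
                armed.add(a["tid"])
        elif api == "ResumeThread" and a["tid"] in armed:
            creator, child = suspended[a["tid"]]
            hits.append({"parent": creator, "child": child, "tid": a["tid"]})
            armed.discard(a["tid"])
    return hits


if __name__ == "__main__":
    print("enumerates installed software:", enumerates_installed_software(TRACE))
    print("hollowing-style SetThreadContext:", suspicious_set_thread_context(TRACE))
```

The threshold in `enumerates_installed_software` is what keeps a single lookup of one product's uninstall entry (common in legitimate installers) from firing; the full sweep a stealer performs crosses it quickly. The hollowing matcher deliberately requires the write and the suspended creation from the same caller, which is why `BENIGN_TRACE` produces no hit.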