redline | dcf6833e580432fec0174bdb64dced1e9e9abf086a77a5799138d807499a22f7 | Triage

Submit
Reports

Overview

overview

Static

static

141.98.6.2...8c.exe

windows7-x64

141.98.6.2...8c.exe

windows10-2004-x64

Sharing

General

Target

141.98.6.236_-_TPBActivetor_-_ZvfejoxpnTPBA-1.exe___f84905c8ef2f1a66d371f78f5eef018c.dat
Size

783KB
Sample

220805-f8jt9sfea6
MD5

f84905c8ef2f1a66d371f78f5eef018c
SHA1

db9b70232eec3d62d2c7bb6a2ae2bdb637286760
SHA256

dcf6833e580432fec0174bdb64dced1e9e9abf086a77a5799138d807499a22f7
SHA512

ffe297457c73e1497a7dea57ede5ad4b2c694c6b785d7981454b860aae72a176f656ab6903d931a76fabe26f7ae12c6eb547b179402a1cb9d934701fe214140f

Score

10^/10

redline tpb-activator discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

141.98.6.236_-_TPBActivetor_-_ZvfejoxpnTPBA-1.exe___f84905c8ef2f1a66d371f78f5eef018c.exe

Resource

win7-20220718-en

redline tpb-activator discovery infostealer spyware stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

141.98.6.236_-_TPBActivetor_-_ZvfejoxpnTPBA-1.exe___f84905c8ef2f1a66d371f78f5eef018c.exe

Resource

win10v2004-20220721-en

redline tpb-activator discovery infostealer spyware stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

TPB-ACTIVATOR

C2

amrican-sport-live-stream.cc:4581

Attributes

auth_value
df7c91432437b11d8f25d54ba7832b8d

Targets

- Target
  
  141.98.6.236_-_TPBActivetor_-_ZvfejoxpnTPBA-1.exe___f84905c8ef2f1a66d371f78f5eef018c.dat
- Size
  
  783KB
- MD5
  
  f84905c8ef2f1a66d371f78f5eef018c
- SHA1
  
  db9b70232eec3d62d2c7bb6a2ae2bdb637286760
- SHA256
  
  dcf6833e580432fec0174bdb64dced1e9e9abf086a77a5799138d807499a22f7
- SHA512
  
  ffe297457c73e1497a7dea57ede5ad4b2c694c6b785d7981454b860aae72a176f656ab6903d931a76fabe26f7ae12c6eb547b179402a1cb9d934701fe214140f
Score

10^/10

redline tpb-activator discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinetpb-activatordiscoveryinfostealerspywarestealer

behavioral2

redlinetpb-activatordiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy