General
  Target: tmp
  Size: 1.8MB
  Sample: 220928-k56l3sfea3
  MD5: 43f735e99626467bcec0895ddc51ee14
  SHA1: cfbd389da2a60e4e39b8ce3bb56ca57506985465
  SHA256: 79208f5bcd29a83d75bb073d3f48a483cd51dbd53e9cee5472ab4947a1ede05b
  SHA512: 467f650679e5170b2387fdf16087b3d114d2ec980b194d2e3ab233ce53497a57356fff195a8d222c946070b6e5d929b88fa33f776a5158343cf1fa259c73ddf4
  SSDEEP: 24576:O2ljpVMlw5M4tEqAmRabisyl5uJ5ErUim/r8REOuPOEkU1johR:Bq3bis7IYr8REOuP3kUZohR

Static task
  static1

Behavioral task
  behavioral1
  Sample: tmp.exe
  Resource: win7-20220812-en

Behavioral task
  behavioral2
  Sample: tmp.exe
  Resource: win10v2004-20220901-en

Malware Config
  Extracted
  Family: redline
  Botnet: HEXO-SOFTWARE
  C2: amrican-sport-live-stream.cc:4581
  auth_value: fea440ffae02b6f56d7b00fe8105ccb8

Targets
  Target: tmp (the same file as in General above; size and hashes are identical)

  Signatures
    RedLine
      RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    RedLine payload
    Accesses cryptocurrency files/wallets, possible credential harvesting
    Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software on the system.
    Suspicious use of SetThreadContext