General

Target: tmp
Size: 1.5MB
Sample: 221129-v7jkfadg4t
MD5: b8ff6057209efaa690cb22fedc2d4a9a
SHA1: ac1913a147915f262ca5b5864a289290e8371abf
SHA256: 25c2032b593cae9a3f546acb149a030577553804948e415ba0490c036a1d4118
SHA512: b87f89528f7859e16237557e9a5d601c6618b5ab50bdfb00592d988b8fda9b2c45bb44536d09d20fb73305e931abd1ee3a952ea72fa65e8fab3314c566e503bd
SSDEEP: 24576:77UQ0toV7ozc/T6frhMjYvodMiBvAxX7fty:MQrVUs6FMjYvodMiI7ly
Static task: static1

Behavioral task: behavioral1
Sample: tmp.exe
Resource: win7-20220901-en

Behavioral task: behavioral2
Sample: tmp.exe
Resource: win10v2004-20221111-en
Malware Config

Extracted
Family: redline
Botnet: CHEAT-MENU
C2: amrican-sport-live-stream.cc:4581
auth_value: e948baa7e2fc2d71d02a5864e088ed36
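The digests and the extracted C2 above are the indicators a responder would sweep for. The following is an added example, not part of the sandbox report: it copies those values from the report and checks them against a hash list and a few log lines that are constructed for the example (their format is an assumption). Subdomains of the C2 host are matched as well, and the port is reported rather than filtered on, because a DNS lookup carries no port and a connection to the same host on a different port is still worth seeing.

```python
"""IOC matching for the indicators in this report.

Added example, not part of the sandbox report: the digests and the
extracted RedLine C2 below are copied from the report; the hash list and
the log lines they are checked against are constructed for the example,
and their format is an assumption.
"""
import re

# Digests of the analysed sample (copied from the report).
SAMPLE_HASHES = {
    "md5": "b8ff6057209efaa690cb22fedc2d4a9a",
    "sha1": "ac1913a147915f262ca5b5864a289290e8371abf",
    "sha256": "25c2032b593cae9a3f546acb149a030577553804948e415ba0490c036a1d4118",
    "sha512": "b87f89528f7859e16237557e9a5d601c6618b5ab50bdfb00592d988b8fda9b2c"
              "45bb44536d09d20fb73305e931abd1ee3a952ea72fa65e8fab3314c566e503bd",
}
# C2 from the extracted RedLine config (copied from the report).
C2_HOST = "amrican-sport-live-stream.cc"
C2_PORT = 4581

# hex digest length -> algorithm; used to classify untyped hash strings
HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}

# host[:port] tokens in free-form log text (log format assumed for the example)
HOSTPORT_RE = re.compile(r"([a-z0-9][a-z0-9.-]*\.[a-z]{2,})(?::(\d{1,5}))?\b", re.IGNORECASE)


def classify_hash(value):
    """Return (algorithm, lowercase hex) for a hex digest, or None otherwise."""
    v = value.strip().lower()
    if not re.fullmatch(r"[0-9a-f]+", v):
        return None
    algo = HASH_LENGTHS.get(len(v))
    return (algo, v) if algo else None


def match_hashes(candidates):
    """Return [(algorithm, digest)] for candidates equal to the sample's digests."""
    known = set(SAMPLE_HASHES.values())
    hits = []
    for c in candidates:
        parsed = classify_hash(c)
        if parsed and parsed[1] in known:
            hits.append(parsed)
    return hits


def host_matches_c2(host):
    """True for the C2 host itself or any subdomain of it (case-insensitive)."""
    h = host.lower().rstrip(".")
    return h == C2_HOST or h.endswith("." + C2_HOST)


def scan_log_lines(lines):
    """Return [(line_index, host, port_or_None)] for every mention of the C2 host."""
    hits = []
    for idx, line in enumerate(lines):
        for host, port in HOSTPORT_RE.findall(line):
            if host_matches_c2(host):
                hits.append((idx, host.lower(), int(port) if port else None))
    return hits


# Constructed log lines (not from the report): one DNS query and one
# connection to the extracted C2, plus unrelated traffic.
SAMPLE_LOG_LINES = [
    "2022-11-29T10:00:01 conn 10.0.0.5:51234 -> 142.250.74.46:443 tcp",
    "2022-11-29T10:00:04 dns 10.0.0.5 query amrican-sport-live-stream.cc A",
    "2022-11-29T10:00:05 conn 10.0.0.5:51240 -> amrican-sport-live-stream.cc:4581 tcp",
    "2022-11-29T10:00:09 conn 10.0.0.5:51241 -> cdn.example.com:443 tcp",
]

if __name__ == "__main__":
    print(match_hashes(["B8FF6057209EFAA690CB22FEDC2D4A9A", "deadbeef"]))
    for idx, host, port in scan_log_lines(SAMPLE_LOG_LINES):
        print(idx, host, port, "(C2 port)" if port == C2_PORT else "")
```

The SSDEEP value from the report is not compared here because fuzzy-hash comparison needs the ssdeep library; exact digests are enough to confirm the same file, while the fuzzy hash is what you would use to find repacked siblings.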
Targets

Target: tmp
Size: 1.5MB
MD5: b8ff6057209efaa690cb22fedc2d4a9a
SHA1: ac1913a147915f262ca5b5864a289290e8371abf
SHA256: 25c2032b593cae9a3f546acb149a030577553804948e415ba0490c036a1d4118
SHA512: b87f89528f7859e16237557e9a5d601c6618b5ab50bdfb00592d988b8fda9b2c45bb44536d09d20fb73305e931abd1ee3a952ea72fa65e8fab3314c566e503bd
SSDEEP: 24576:77UQ0toV7ozc/T6frhMjYvodMiBvAxX7fty:MQrVUs6FMjYvodMiI7ly

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Suspicious use of SetThreadContext
SetThreadContext rewrites a thread's saved register state, including its instruction pointer, and is the usual way an injector redirects execution inside a suspended process; sandboxes flag calls to it as a process-injection indicator.