General
-
Target
tpb-1.exe
-
Size
693KB
-
Sample
221231-dplteacc8t
-
MD5
1a575f820afb5a403edcef777fe8999b
-
SHA1
1ea94430955232223bed641514f3e916c460a671
-
SHA256
2f5b6a45d9696e313b9eb0e7404f79446f329ec90b48f38615995407e3c60569
-
SHA512
d202415d1b94fad6d48b27002b00046f1135c9a2e60f818a773f4da71849df69a7d47c2cd432bb6b063e79f92dad9c3a239df880cc34c36969a640f374e21366
-
SSDEEP
12288:HdmCXEk8phFPeRfCcju3HoUMxZM+8lrYCU7X0wVPSajk83NtyssQ8/Sw1US+:HdmCXEk8phFPeRKVHpMxZL8lkCqXpVPv
Static task
static1
Behavioral task
behavioral1
Sample
tpb-1.exe
Resource
win7-20221111-en
Malware Config
Extracted
redline
TPB
amrican-sport-live-stream.cc:4581
-
auth_value
9af3f668d2aa93965a3f83753e8ccb3f
Targets
-
-
Target
tpb-1.exe
-
Size
693KB
-
MD5
1a575f820afb5a403edcef777fe8999b
-
SHA1
1ea94430955232223bed641514f3e916c460a671
-
SHA256
2f5b6a45d9696e313b9eb0e7404f79446f329ec90b48f38615995407e3c60569
-
SHA512
d202415d1b94fad6d48b27002b00046f1135c9a2e60f818a773f4da71849df69a7d47c2cd432bb6b063e79f92dad9c3a239df880cc34c36969a640f374e21366
-
SSDEEP
12288:HdmCXEk8phFPeRfCcju3HoUMxZM+8lrYCU7X0wVPSajk83NtyssQ8/Sw1US+:HdmCXEk8phFPeRKVHpMxZL8lkCqXpVPv
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-