General
-
Target
tmp
-
Size
2.4MB
-
Sample
230513-rl67tsaf71
-
MD5
54b737b86fddcb3ca236a6cf743e66e7
-
SHA1
eafaec85e6ef8d60302f1348a91d21d4d024d237
-
SHA256
cb5be74fea917e24244f7b10ec4f838fcaedc1683af463868e2dd0f832ace0b4
-
SHA512
58191680fb728368137f5a56e61fc2f5d3358ebcc687ba5dc3546db25769a2d9dafd6e963fc19c807af765c7694faf732d385ed6f0122235df464187488b18e7
-
SSDEEP
49152:6vYtGgyDMUzbX+BGHsTuky4x/0DzZHj0/Acy:6KGhvJHsa54+dyAcy
Static task
static1
Behavioral task
behavioral1
Sample
tmp.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
tmp.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
TPB-ACTIVATOR
amrican-sport-live-stream.cc:4581
-
auth_value
df7c91432437b11d8f25d54ba7832b8d
Targets
-
-
Target
tmp
-
Size
2.4MB
-
MD5
54b737b86fddcb3ca236a6cf743e66e7
-
SHA1
eafaec85e6ef8d60302f1348a91d21d4d024d237
-
SHA256
cb5be74fea917e24244f7b10ec4f838fcaedc1683af463868e2dd0f832ace0b4
-
SHA512
58191680fb728368137f5a56e61fc2f5d3358ebcc687ba5dc3546db25769a2d9dafd6e963fc19c807af765c7694faf732d385ed6f0122235df464187488b18e7
-
SSDEEP
49152:6vYtGgyDMUzbX+BGHsTuky4x/0DzZHj0/Acy:6KGhvJHsa54+dyAcy
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-