General
-
Target
Rrobknnz-TPB.exe
-
Size
2.1MB
-
Sample
230630-pn5exacc7t
-
MD5
2a9ee298bd7fbacb20a2e873ceae0937
-
SHA1
72e4fff345eb72ed849f85781cede959f0844740
-
SHA256
1eae8264ef6827178364adbe9650d4eec1e791ec327f803aea1ea32fb502133e
-
SHA512
7b56f9720da536bc4f6b7a6ac7ca718a3d2d1381548792a93968e5ec7c6d3d943cbb2bfc54e4fd136fcc6653c322b92a25105ddea7eea69552c0a4dedb487c71
-
SSDEEP
49152:+qiIET4dQEYRT/8DpnTDsJQnkT3tyaiNJ:+fBMyT8NcnEaG
Malware Config
Extracted
redline
TPB
amrican-sport-live-stream.cc:4581
-
auth_value
9af3f668d2aa93965a3f83753e8ccb3f
Targets
-
-
Target
Rrobknnz-TPB.exe
-
Size
2.1MB
-
MD5
2a9ee298bd7fbacb20a2e873ceae0937
-
SHA1
72e4fff345eb72ed849f85781cede959f0844740
-
SHA256
1eae8264ef6827178364adbe9650d4eec1e791ec327f803aea1ea32fb502133e
-
SHA512
7b56f9720da536bc4f6b7a6ac7ca718a3d2d1381548792a93968e5ec7c6d3d943cbb2bfc54e4fd136fcc6653c322b92a25105ddea7eea69552c0a4dedb487c71
-
SSDEEP
49152:+qiIET4dQEYRT/8DpnTDsJQnkT3tyaiNJ:+fBMyT8NcnEaG
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-