General

  • Target

    Swift.pdf.exe

  • Size

    1.2MB

  • Sample

    210118-agzc1fqgle

  • MD5

    12bd6ccee06c7ec5762c2aecc7c3357d

  • SHA1

    4821ff4545829ef14a14845880f35b273c2bf4b4

  • SHA256

    85dd5d9ef955400038cae7ac32f2931c3b6966792bbfd353f14627c2261f2d9c

  • SHA512

    c2e44bae87845b5321fac3de4fc602106914e820378d5926690f690edac7830922bfef91d6658eafb4747174d3e1060a22c9c33fc940b1c51494a8dfc20010cb

Malware Config

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks