General
Target: Swift.pdf.exe
Size: 1.2MB
Sample: 210118-agzc1fqgle
MD5: 12bd6ccee06c7ec5762c2aecc7c3357d
SHA1: 4821ff4545829ef14a14845880f35b273c2bf4b4
SHA256: 85dd5d9ef955400038cae7ac32f2931c3b6966792bbfd353f14627c2261f2d9c
SHA512: c2e44bae87845b5321fac3de4fc602106914e820378d5926690f690edac7830922bfef91d6658eafb4747174d3e1060a22c9c33fc940b1c51494a8dfc20010cb
Static task: static1
Behavioral task: behavioral1
  Sample: Swift.pdf.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: Swift.pdf.exe
  Resource: win10v20201028
Malware Config
Targets
Target: Swift.pdf.exe (same file as listed under General; size and hashes identical)
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Signatures:
RedLine Payload
Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials and similar sensitive data.
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext: an API call commonly associated with process injection.