General

  • Target

    QGFG0322PDF.exe

  • Size

    643KB

  • Sample

    210323-trt7vgnq72

  • MD5

    5fc83d89ac2e03001c0a2a80058fb3d3

  • SHA1

    71f567fb8ffd750622708e429b3be9486025ba65

  • SHA256

    18f6f62ea75d3a000bcb07e9abfb5e8879193a45cbd42f6e894cd45850fbd759

  • SHA512

    8ef863f973199a770963f1788d8c355680272b909b4fbab41aa3f5f5b191ef7e2a134b5a39743a78a344ebd90c03a46aa3e61ae0b65fb76d2e40786c40e246d7

Malware Config

Targets

    • Target

      QGFG0322PDF.exe

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers target the data browsers keep in the user profile: saved logins, cookies, autofill and payment data stored in the profile's SQLite databases (Chromium "Login Data", "Cookies", "Web Data"; Firefox "logins.json" and "key4.db"). The signature fires on reads of those files, which is rarely legitimate for an unrelated executable.

    • Checks installed software on the system

      Enumerates the subkeys of HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (and its WOW6432Node and HKCU counterparts) to build a list of installed software, typically for host fingerprinting or to locate targets such as browsers, wallets and VPN clients.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites the register state of a (usually suspended) thread. Outside debuggers it is rarely needed, but loaders use it to point a suspended process's main thread at injected code (process hollowing). The signature flags the call itself; it does not by itself confirm which process was targeted.

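The three behavioural signatures above are all expressed as API-call patterns, and a practitioner usually wants to see how such rules would be evaluated against a trace. The following is an added example, not part of the report and not RedLine's or the sandbox's own code: a small detection pass over a constructed Win32 API trace. The line format (`<pid> <api>(<args>)`), the process IDs, the host path `C:\Example\host.exe` and the user paths are all assumptions for illustration; only the registry path and the browser artifact file names are real.

```python
"""Toy detection pass over a constructed sandbox-style API trace.

Added example: not part of the sandbox report and not the sample's code.
The trace, its line format and all PIDs/paths are constructed for illustration.
"""
import re

# Constructed trace (assumption): one "<pid> <api>(<k>=<v>, ...)" call per line.
TRACE = r"""
1234 CreateProcessW(lpApplicationName="C:\Example\host.exe", dwCreationFlags=0x4)
1234 NtUnmapViewOfSection(hProcess=0x2a0, BaseAddress=0x400000)
1234 VirtualAllocEx(hProcess=0x2a0, lpAddress=0x400000, dwSize=0x9c000, flProtect=0x40)
1234 WriteProcessMemory(hProcess=0x2a0, lpBaseAddress=0x400000, nSize=0x200)
1234 SetThreadContext(hThread=0x2a4)
1234 ResumeThread(hThread=0x2a4)
5678 RegOpenKeyExW(hKey=HKEY_LOCAL_MACHINE, lpSubKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall")
5678 RegEnumKeyExW(hKey=0x3c8, dwIndex=0)
5678 CreateFileW(lpFileName="C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data")
5678 CreateFileW(lpFileName="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\abc.default\logins.json")
9999 CreateFileW(lpFileName="C:\Users\user\Documents\notes.txt")
"""

LINE_RE = re.compile(r"^(\d+)\s+(\w+)\((.*)\)$")
# key=value pairs; quoted values may contain backslashes and spaces.
ARG_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|[^,]+)')

CREATE_SUSPENDED = 0x4                      # dwCreationFlags bit used by hollowing loaders
HOLLOW_SEQUENCE = ["CreateProcessW", "WriteProcessMemory", "SetThreadContext", "ResumeThread"]
UNINSTALL_KEY = r"currentversion\uninstall"  # matches HKLM/HKCU and WOW6432Node variants
BROWSER_ARTIFACTS = {"Login Data", "Web Data", "Cookies", "logins.json", "key4.db", "Local State"}


def parse_trace(text):
    """Return a list of (pid, api, {arg: value}) tuples; unparseable lines are skipped."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        pid, api, raw = m.groups()
        args = {k: v.strip('"') for k, v in ARG_RE.findall(raw)}
        calls.append((int(pid), api, args))
    return calls


def detect_hollowing(calls):
    """PIDs that create a suspended process, write into it, set its thread context and resume it, in that order."""
    by_pid = {}
    for pid, api, args in calls:
        by_pid.setdefault(pid, []).append((api, args))
    hits = set()
    for pid, seq in by_pid.items():
        pos = 0
        for api, args in seq:
            if api != HOLLOW_SEQUENCE[pos]:
                continue
            if api == "CreateProcessW" and not int(args.get("dwCreationFlags", "0"), 16) & CREATE_SUSPENDED:
                continue
            pos += 1
            if pos == len(HOLLOW_SEQUENCE):
                hits.add(pid)
                break
    return hits


def detect_software_enum(calls):
    """PIDs that open an Uninstall key, i.e. enumerate installed software."""
    return {pid for pid, api, args in calls
            if api.startswith("RegOpenKeyEx") and UNINSTALL_KEY in args.get("lpSubKey", "").lower()}


def detect_browser_reads(calls):
    """Map PID -> browser credential/profile artifacts it opened."""
    hits = {}
    for pid, api, args in calls:
        if api != "CreateFileW":
            continue
        name = args.get("lpFileName", "").rsplit("\\", 1)[-1]
        if name in BROWSER_ARTIFACTS:
            hits.setdefault(pid, []).append(name)
    return hits


def run(text=TRACE):
    calls = parse_trace(text)
    return {
        "process_hollowing": sorted(detect_hollowing(calls)),
        "installed_software_enum": sorted(detect_software_enum(calls)),
        "browser_credential_reads": detect_browser_reads(calls),
    }


if __name__ == "__main__":
    for signature, result in run().items():
        print(f"{signature}: {result}")
```

The hollowing rule deliberately requires the calls in order within one process and checks the CREATE_SUSPENDED flag, because SetThreadContext on its own (as the signature name hints with "suspicious") also appears in debuggers and some legitimate runtimes; the ordered sequence is what turns a noisy single-API hit into a usable indicator.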
MITRE ATT&CK Enterprise v6

Tasks