General
Target: QGFG0322PDF.exe
Size: 643KB
Sample: 210323-trt7vgnq72
MD5: 5fc83d89ac2e03001c0a2a80058fb3d3
SHA1: 71f567fb8ffd750622708e429b3be9486025ba65
SHA256: 18f6f62ea75d3a000bcb07e9abfb5e8879193a45cbd42f6e894cd45850fbd759
SHA512: 8ef863f973199a770963f1788d8c355680272b909b4fbab41aa3f5f5b191ef7e2a134b5a39743a78a344ebd90c03a46aa3e61ae0b65fb76d2e40786c40e246d7
Static task: static1
Behavioral task: behavioral1
Sample: QGFG0322PDF.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: QGFG0322PDF.exe
Resource: win10v20201028
Malware Config
Targets
Target: QGFG0322PDF.exe
Size: 643KB
MD5: 5fc83d89ac2e03001c0a2a80058fb3d3
SHA1: 71f567fb8ffd750622708e429b3be9486025ba65
SHA256: 18f6f62ea75d3a000bcb07e9abfb5e8879193a45cbd42f6e894cd45850fbd759
SHA512: 8ef863f973199a770963f1788d8c355680272b909b4fbab41aa3f5f5b191ef7e2a134b5a39743a78a344ebd90c03a46aa3e61ae0b65fb76d2e40786c40e246d7
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext