General
-
Target
QFSN0331PDF.exe
-
Size
519KB
-
Sample
210401-qmxmygyems
-
MD5
18377afa571a27e3d67024934eb425fc
-
SHA1
72e4b926dcf352558304f42fac331b2dda61049e
-
SHA256
edbc5c4578e139f3194afcb1ccd8627f8f966bfda05e4574d0e8dcc65b8a4dcb
-
SHA512
7ea97d9f6bfe31288d8487386ec5d92ea9d9d7832813d40f20c49cc345c03b4caec4c2558258c7f5d895663a38aff1afe8edd70bf49ebed4dfbcb5b8a0542475
Malware Config
Extracted
redline
mhuncho.duckdns.org:3214
Targets
-
-
Target
QFSN0331PDF.exe
-
Size
519KB
-
MD5
18377afa571a27e3d67024934eb425fc
-
SHA1
72e4b926dcf352558304f42fac331b2dda61049e
-
SHA256
edbc5c4578e139f3194afcb1ccd8627f8f966bfda05e4574d0e8dcc65b8a4dcb
-
SHA512
7ea97d9f6bfe31288d8487386ec5d92ea9d9d7832813d40f20c49cc345c03b4caec4c2558258c7f5d895663a38aff1afe8edd70bf49ebed4dfbcb5b8a0542475
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-