QFSN0331PDF.exe

General
Target

QFSN0331PDF.exe

Size

519KB

Sample

210401-qmxmygyems

Score
10 /10
MD5

18377afa571a27e3d67024934eb425fc

SHA1

72e4b926dcf352558304f42fac331b2dda61049e

SHA256

edbc5c4578e139f3194afcb1ccd8627f8f966bfda05e4574d0e8dcc65b8a4dcb

SHA512

7ea97d9f6bfe31288d8487386ec5d92ea9d9d7832813d40f20c49cc345c03b4caec4c2558258c7f5d895663a38aff1afe8edd70bf49ebed4dfbcb5b8a0542475

Malware Config

Extracted

Family redline
C2

mhuncho.duckdns.org:3214

Targets
Target

QFSN0331PDF.exe

MD5

18377afa571a27e3d67024934eb425fc

Filesize

519KB

Score
10 /10
SHA1

72e4b926dcf352558304f42fac331b2dda61049e

SHA256

edbc5c4578e139f3194afcb1ccd8627f8f966bfda05e4574d0e8dcc65b8a4dcb

SHA512

7ea97d9f6bfe31288d8487386ec5d92ea9d9d7832813d40f20c49cc345c03b4caec4c2558258c7f5d895663a38aff1afe8edd70bf49ebed4dfbcb5b8a0542475

Tags

Signatures

  • RedLine

    Description

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    Tags

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    Tags

    TTPs

    Data from Local System Credentials in Files
  • Checks installed software on the system

    Description

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    Tags

    TTPs

    Query Registry
  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Command and Control
    Credential Access
    Defense Evasion
      Discovery
      Execution
        Exfiltration
          Impact
            Initial Access
              Lateral Movement
                Persistence
                  Privilege Escalation