General

Target:  DOCU_SIGN09986122877540087PDF.exe
Size:    1.2MB
Sample:  210728-h36r1sfzcs
MD5:     4ec190efb6a034de4da8834bb8265710
SHA1:    4c6ef9594118d1badfafe347bbbb20bae74f3f14
SHA256:  fe3a327cad05044ff556ac57cfd99184cc4e73fc07cb799db2e9f17594effb7d
SHA512:  7e88fa45ae298a4361a62afb98730eb13db3a16a3b02f01f0926275f33086a2c7d4a26ec0f425ec9970328c882e8ed084210592ecb7dc19ee431b061bd9c78a6
Static task
static1

Behavioral task
behavioral1
Sample:   DOCU_SIGN09986122877540087PDF.exe
Resource: win7v20210410

Behavioral task
behavioral2
Sample:   DOCU_SIGN09986122877540087PDF.exe
Resource: win10v20210408
Malware Config

Extracted
Family: redline
C2:     newlife957.duckdns.org:7225

The C2 host is a duckdns.org dynamic-DNS name, so the IP it resolves to can change at any time; hunt and block on the hostname and port, not on a resolved address.
Targets

Target: DOCU_SIGN09986122877540087PDF.exe (same file and hashes as listed under General)
Score: 10/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate installed software (these normally live under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and the HKCU and WOW6432Node equivalents; the report does not list the exact keys read).
- Suspicious use of SetThreadContext
  SetThreadContext is commonly used by injectors to point a suspended thread at injected code (process hollowing / thread hijacking); the report does not identify the process whose thread context was modified.
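A small hunt script, added here as an example and not part of the sandbox report, that turns the indicators above into something runnable: it checks a byte string against the four reported hashes and scans log lines for the extracted C2. The log line shape ("timestamp source host:port verdict") and the sample lines are constructed assumptions; only the hashes, host and port come from the report.

```python
import hashlib
import re
from typing import Dict, List

# Indicators copied from the report above.
REPORTED_HASHES = {
    "md5": "4ec190efb6a034de4da8834bb8265710",
    "sha1": "4c6ef9594118d1badfafe347bbbb20bae74f3f14",
    "sha256": "fe3a327cad05044ff556ac57cfd99184cc4e73fc07cb799db2e9f17594effb7d",
    "sha512": "7e88fa45ae298a4361a62afb98730eb13db3a16a3b02f01f0926275f33086a2c"
              "7d4a26ec0f425ec9970328c882e8ed084210592ecb7dc19ee431b061bd9c78a6",
}
C2_HOST = "newlife957.duckdns.org"
C2_PORT = 7225


def hashes_of(data: bytes) -> Dict[str, str]:
    """Return the four digests the report lists, as lower-case hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORTED_HASHES}


def matches_sample(data: bytes) -> bool:
    """True only if every digest agrees with the report; one mismatch means a different file."""
    return hashes_of(data) == REPORTED_HASHES


# Assumed log shape (constructed for this example): "<ts> <src_ip> <dst_host>:<dst_port> <verdict>"
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<host>[^:\s]+):(?P<port>\d+) (?P<verdict>\S+)$")


def classify(line: str) -> str:
    """Rate one log line.

    'c2'       exact host:port from the extracted config
    'host'     the C2 host on another port (the port is build-specific, the host is the stronger indicator)
    'clean'    anything else that parsed
    'unparsed' line did not match the assumed shape
    """
    m = LOG_RE.match(line.strip())
    if not m:
        return "unparsed"
    host = m["host"].lower().rstrip(".")   # normalise case and a trailing FQDN dot
    port = int(m["port"])
    if host == C2_HOST and port == C2_PORT:
        return "c2"
    if host == C2_HOST:
        return "host"
    return "clean"


def hunt(lines: List[str]) -> Dict[str, List[str]]:
    """Group lines by classification, dropping 'clean' so the result is only the hits."""
    hits: Dict[str, List[str]] = {}
    for line in lines:
        verdict = classify(line)
        if verdict != "clean":
            hits.setdefault(verdict, []).append(line.strip())
    return hits


# Constructed sample log lines (not from the report).
SAMPLE_LOG = [
    "2021-07-28T09:12:01Z 10.0.0.23 newlife957.duckdns.org:7225 allowed",
    "2021-07-28T09:12:05Z 10.0.0.23 NEWLIFE957.duckdns.org.:8080 allowed",
    "2021-07-28T09:12:09Z 10.0.0.41 example.com:443 allowed",
    "garbage line",
]

if __name__ == "__main__":
    print(hunt(SAMPLE_LOG))
    print(matches_sample(b"not the sample"))
```

Unparsed lines are reported rather than silently skipped so that a log format change does not turn into a false sense of "no hits". Hash matching is deliberately all-or-nothing: a repacked build of the same stealer will share the C2 but none of the hashes, which is why the hostname check is the more durable of the two indicators.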