General
Target: invice-PDF.exe
Size: 328KB
Sample: 210807-xs23214zxa
MD5: 834d0436e95f39ceedc7cd44f1cdf783
SHA1: 3e75f3e0cc374b764be385f2080319d24dd2e1f6
SHA256: ede7098a421db325ec6704d3dcf0e91f26787fea3ff2215dca12b8160e22ec80
SHA512: 0350ae6a29b7c3bb8e51386482343a728eec280cec949ab8c0a76072fa46a9efbda9082c3a887da40b2cc97ed56850315f90b6717900c8b0db2e350db27a265e
Static task: static1
Behavioral task: behavioral1
Sample: invice-PDF.exe
Resource: win7v20210410
Malware Config
Extracted: redline, v1, 176.10.118.231:54808
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext