General
-
Target
AMAZONORDER929293384PDF.exe
-
Size
918KB
-
Sample
211022-xd4pmacad6
-
MD5
4b822ff53f5ad740eeaba9e1bb26ad68
-
SHA1
d3e4912cce03f627ab8da804fc0151c7815f5eb4
-
SHA256
2d21d56c6e2bb7643be411747eabf7c9eaf5316a1520e3a84f1363c53075d87c
-
SHA512
3e4962fe88bac0a4e3d38656b90c5b5229f61b14278c6e9c335118fb1b30a953698187d41ff4624ee93ae39a62268b1c8476e83afc29b9264f430e11e18713d2
Static task
static1
Behavioral task
behavioral1
Sample
AMAZONORDER929293384PDF.exe
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
AMAZONORDER929293384PDF.exe
Resource
win10-en-20210920
Malware Config
Targets
-
-
Target
AMAZONORDER929293384PDF.exe
-
Size
918KB
-
MD5
4b822ff53f5ad740eeaba9e1bb26ad68
-
SHA1
d3e4912cce03f627ab8da804fc0151c7815f5eb4
-
SHA256
2d21d56c6e2bb7643be411747eabf7c9eaf5316a1520e3a84f1363c53075d87c
-
SHA512
3e4962fe88bac0a4e3d38656b90c5b5229f61b14278c6e9c335118fb1b30a953698187d41ff4624ee93ae39a62268b1c8476e83afc29b9264f430e11e18713d2
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-