General
- Target: Invoice.exe
- Size: 423KB
- Sample: 220707-kv1yvabhf6
- MD5: 3370a4d4d6653127749ab1c1a459784e
- SHA1: 3e32e4087039f970fe57744f58fdb920efe11e9e
- SHA256: 0b18c0e5b68189be4c9b0cce67d7a7a8c84f49fc0dfa8998da7105e053862b5a
- SHA512: f9f87046118e0122f186a86e2d29e11f260a6f4d27a42759391a3acb56544295fdb9a2bad681b24c94741ac523924c65c20f733040cccffc5bd5015aa26cfa9a
Static task: static1
Behavioral task: behavioral1
- Sample: Invoice.exe
- Resource: win7-20220414-en
Malware Config
Extracted
- redline
- cheat
- zera.hopto.org:17939
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext