General
Target: Document.pdf.scr.bin
Size: 2.1MB
Sample: 220725-h5e31sbae6
MD5: 93dd6479d9333cac3202b3ea9502a07c
SHA1: 27ba3ddc97cb409b9d9b7c61dfb442c1c4655bee
SHA256: 801e8af2f94a4b713c6d137eaa2c604b31b238038a6ffd6d7543b0089cc88ab9
SHA512: 948f9a6ce1a02437263b2a6ad332e7a3c5e751776c9fe455b0aa605ac99dd87611b4a1386c4ba908d65455fa012228f99ba4a2501956afb8cc7ceaa03475f7e9
Static task: static1
Behavioral task: behavioral1
Sample: Document.pdf.scr.exe
Resource: win10-20220718-en
Malware Config
Extracted family: redline
C2 (1): 62.204.41.139:25190
auth_value: 2c239ad7c28c8eab1f9626557bb9457a
Targets
Target: Document.pdf.scr.bin
Size: 2.1MB
Score: 10/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Signatures:
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext