General
-
Target
Document.pdf.scr
-
Size
700.0MB
-
Sample
220725-m2e13ahda4
-
MD5
ea7b8236ca438995b2ee7604043fc20c
-
SHA1
4543d6fbe467c8a17b962e0c19a25fd59d82ded8
-
SHA256
954e35d28e5938766eb6922e08a4e26d5ed892a1578027374d945efbe0d927e3
-
SHA512
22a1173def10e7c74fbcef024127f87635a508044c4fbbfa2f4e32b05823b5fc9fa166645851dbaa32c926a735745ca727dc0183a72fd9f3cc222f9f07395a7a
Static task
static1
Behavioral task
behavioral1
Sample
Document.pdf.scr
Resource
win7-20220715-en
Behavioral task
behavioral2
Sample
Document.pdf.scr
Resource
win10-20220722-en
Behavioral task
behavioral3
Sample
Document.pdf.scr
Resource
win10v2004-20220721-en
Malware Config
Extracted
redline
1
62.204.41.139:25190
-
auth_value
2c239ad7c28c8eab1f9626557bb9457a
Targets
-
-
Target
Document.pdf.scr
-
Size
700.0MB
-
MD5
ea7b8236ca438995b2ee7604043fc20c
-
SHA1
4543d6fbe467c8a17b962e0c19a25fd59d82ded8
-
SHA256
954e35d28e5938766eb6922e08a4e26d5ed892a1578027374d945efbe0d927e3
-
SHA512
22a1173def10e7c74fbcef024127f87635a508044c4fbbfa2f4e32b05823b5fc9fa166645851dbaa32c926a735745ca727dc0183a72fd9f3cc222f9f07395a7a
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-