General
Target: Document.pdf.scr
Size: 700.0MB
Sample: 220727-1cv8msdea2
MD5: 66313350525d00444319e42f88c9a320
SHA1: 5e54b8d600254f67fc03cad68a00a7f2a9d89b77
SHA256: 00770e297ae5fdcaa0f235de9bee97309553bc89c955c47141e21f6fabdd55c7
SHA512: a16611adba248ea831a4c25b6d0d46e20793f2f3500a13f29129414756c24ad209118b93e3b435e229e41ab92b01d52bfe31add86c0ed8b6e7469aafff594e2b
Static task: static1
Behavioral task: behavioral1
  Sample: Document.pdf.scr
  Resource: win7-20220718-en
Behavioral task: behavioral2
  Sample: Document.pdf.scr
  Resource: win10v2004-20220722-en
Malware Config
Extracted
Family: redline
Botnet: 2
C2: 62.204.41.139:25190
auth_value: f3af3290196bb8fa91c4ccc1d3fcb28f
Score: 10/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext