General
-
Target
Document.rar
-
Size
5.0MB
-
Sample
220727-pw7j8sdhdl
-
MD5
10e7fa9b1cdf6a901e170c900cdbbe91
-
SHA1
be29db7268140f9c2e9f3c390b60314f5f4e2f67
-
SHA256
4d83ea2172cf708ac8ddde013f1fb26f0710cc327ec6c54ec44cd6f64eb01382
-
SHA512
b4b91fc16eae555aaaada04b9ef59e9a161e8d72ba89e9278f27684e0a6356c88a04a1426746888fc3133437e59077174ce5fb9d98f8e28e001f4ad2b723c150
Static task
static1
Behavioral task
behavioral1
Sample
Document/Document.pdf.scr
Resource
win10v2004-20220722-de
Malware Config
Extracted
redline
2
62.204.41.139:25190
-
auth_value
f3af3290196bb8fa91c4ccc1d3fcb28f
Targets
-
-
Target
Document/Document.pdf.scr
-
Size
700.0MB
-
MD5
66313350525d00444319e42f88c9a320
-
SHA1
5e54b8d600254f67fc03cad68a00a7f2a9d89b77
-
SHA256
00770e297ae5fdcaa0f235de9bee97309553bc89c955c47141e21f6fabdd55c7
-
SHA512
a16611adba248ea831a4c25b6d0d46e20793f2f3500a13f29129414756c24ad209118b93e3b435e229e41ab92b01d52bfe31add86c0ed8b6e7469aafff594e2b
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-