General
-
Target
PAYMENT Copy????.doc.exe
-
Size
250KB
-
Sample
220803-l7xydsbafr
-
MD5
646395fb07fa2a3705ddd7e51d95b1f0
-
SHA1
9beb79c4cb1b5212d555e0e5c2f562bb139ddabc
-
SHA256
858125b27e9ad1c166c1010c00bcdcd11bc0a974712a6b09c8c3f8858a7061d4
-
SHA512
b360b51ea2814a03b499a834cdbb1af0cdbf55df0b3ba42f62ec8116a76f2d4181c353e53564a777038195bc0546d0d82bba4b5728291282466133c60558a926
Static task
static1
Behavioral task
behavioral1
Sample
PAYMENT Copy????.doc.exe
Resource
win7-20220715-en
Malware Config
Extracted
redline
FireFox
195.178.120.19:24150
Targets
-
-
Target
PAYMENT Copy????.doc.exe
-
Size
250KB
-
MD5
646395fb07fa2a3705ddd7e51d95b1f0
-
SHA1
9beb79c4cb1b5212d555e0e5c2f562bb139ddabc
-
SHA256
858125b27e9ad1c166c1010c00bcdcd11bc0a974712a6b09c8c3f8858a7061d4
-
SHA512
b360b51ea2814a03b499a834cdbb1af0cdbf55df0b3ba42f62ec8116a76f2d4181c353e53564a777038195bc0546d0d82bba4b5728291282466133c60558a926
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Drops startup file
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-