General
- Target: Document.pdf.scr
- Size: 700.0MB
- Sample: 220804-2zckgsdbek
- MD5: 2b2400b8f0d578e12b79193ad0ca4de9
- SHA1: f9d9f1cdb93a0344e71692260d04d5f2f820d7d5
- SHA256: 50c4600abe6b9a01aa19a65d6525b0507f943271df564bd7e019e3b5ffa98274
- SHA512: 6b1b6608476f339ea3ba37b02178a606b51759e4e27e838680c5dc95c5d3e30d712e4dede45c15e9e2b8adbdaea4ae11de9be33b843d0b5aeca4c89fa38565b6
Static task: static1
Behavioral task: behavioral1
- Sample: Document.pdf.scr
- Resource: win7-20220715-en
Behavioral task: behavioral2
- Sample: Document.pdf.scr
- Resource: win10v2004-20220721-en
Malware Config
Extracted: redline
- 4
- 62.204.41.139:25190
- auth_value: e3f1c684b72f36028881fd28e808729c
Targets
- Target: Document.pdf.scr
- Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext