General

Target: Document.pdf.exe
Size: 362.9 MB
Sample: 220810-kdfxcahee5
MD5: 23531c33d025a8e7466511284ecaf046
SHA1: f93032d253b36df7a339a22bacfd3aaf2827a1af
SHA256: 9d7f63ff52fbd0c5850a599fc8e3b6999fc93b742333d85275db9ee547c4348a
SHA512: 3430525b0a078bd3e2af8e5c1ffc2b99319487d9736924c98a937a771aeb26908f711a01ea1208553f29e11f146d12285fbca53b71209e00668e023af7fc51a8
Tasks

Static task: static1
Behavioral task: behavioral1 (sample Document.pdf.exe, resource win7-20220718-en)
Behavioral task: behavioral2 (sample Document.pdf.exe, resource win10v2004-20220721-en)
Malware Config

Extracted
Family: redline
Botnet: 10
C2: 62.204.41.139:25190
auth_value: 34b5c518a86dd5ef3600c8dca14edb7e
Targets

Target: Document.pdf.exe (hashes as in General above)
Score: 10/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020. Note the file size: 362.9 MB is far larger than a typical .NET stealer build, which usually indicates padding appended to push the file past antivirus and sandbox upload limits. The whole-file hashes above therefore identify this specific padded artifact; a repacked copy with different padding will not match them, so hunt on the C2 and behaviour as well as on the hashes.
- RedLine payload
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, most likely a geofence; a sandbox whose locale falls inside the excluded region will see no payload activity.
- Accesses cryptocurrency files/wallets; possible credential harvesting
- Adds Run key to start application (persistence through a CurrentVersion\Run autostart value)
- Suspicious use of SetThreadContext: typical of a loader that injects its payload into a suspended process and redirects the thread's entry point (process hollowing)
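The C2 indicator from the extracted config and the behaviours flagged above (known sample executed, dropped EXE launched, Run-key persistence, C2 contact) can be hunted for in endpoint telemetry. The following Python is an added example, not part of the Triage report: the indicator values are copied from the report, while the events are constructed to imitate a Sysmon JSON export (Event IDs 1, 3, 11, 13) and the dropped file name and user paths in them are placeholders. Field names follow Sysmon's schema; adjust them to whatever your log pipeline emits.

```python
"""Hunt for the RedLine IOCs and behaviours from the report in Sysmon-style events.

Added example, not from the sandbox report. Events below are constructed, not
real telemetry; indicator values are the ones listed in the report.
"""
import re

# Indicators copied from the report.
SAMPLE_HASHES = {
    "MD5": "23531c33d025a8e7466511284ecaf046",
    "SHA1": "f93032d253b36df7a339a22bacfd3aaf2827a1af",
    "SHA256": "9d7f63ff52fbd0c5850a599fc8e3b6999fc93b742333d85275db9ee547c4348a",
}
C2_IP, C2_PORT = "62.204.41.139", 25190

# Autostart paths behind the "Adds Run key to start application" signature
# (HKCU or HKLM ...\CurrentVersion\Run and RunOnce).
RUN_KEY_RE = re.compile(
    r"\\software\\microsoft\\windows\\currentversion\\run(once)?\\", re.I)


def parse_sysmon_hashes(field: str) -> dict:
    """Sysmon writes Hashes as 'SHA256=...,MD5=...'; return {ALGO: lowercase digest}."""
    out = {}
    for part in field.split(","):
        algo, sep, digest = part.partition("=")
        if sep:
            out[algo.strip().upper()] = digest.strip().lower()
    return out


def hunt(events: list) -> list:
    """Return one finding string per matched indicator or behaviour, in event order."""
    findings = []
    dropped = set()  # .exe files written earlier in the stream ("Executes dropped EXE")
    for ev in events:
        eid = ev.get("EventID")
        if eid == 11:  # FileCreate
            target = ev.get("TargetFilename", "")
            if target.lower().endswith(".exe"):
                dropped.add(target.lower())
        elif eid == 1:  # ProcessCreate
            image = ev.get("Image", "")
            known = parse_sysmon_hashes(ev.get("Hashes", ""))
            matched = [a for a, d in known.items() if SAMPLE_HASHES.get(a) == d]
            if matched:
                findings.append(f"known sample executed ({'/'.join(matched)}): {image}")
            if image.lower() in dropped:
                findings.append(f"executes dropped EXE: {ev.get('ParentImage')} -> {image}")
        elif eid == 3:  # NetworkConnect
            if (ev.get("DestinationIp") == C2_IP
                    and int(ev.get("DestinationPort", 0)) == C2_PORT):
                findings.append(f"RedLine C2 contact {C2_IP}:{C2_PORT} from {ev.get('Image')}")
        elif eid == 13:  # RegistryEvent (value set)
            key = ev.get("TargetObject", "")
            if RUN_KEY_RE.search(key):
                findings.append(f"Run-key persistence: {key} = {ev.get('Details')}")
    return findings


# Constructed events (not real telemetry), in the order an infection would produce them.
# "dropped.exe" and the user paths are placeholders, not names from the report.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\victim\Downloads\Document.pdf.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "Hashes": "SHA256=9D7F63FF52FBD0C5850A599FC8E3B6999FC93B742333D85275DB9EE547C4348A,"
               "MD5=23531C33D025A8E7466511284ECAF046"},
    {"EventID": 11, "Image": r"C:\Users\victim\Downloads\Document.pdf.exe",
     "TargetFilename": r"C:\Users\victim\AppData\Local\Temp\dropped.exe"},
    {"EventID": 1, "Image": r"C:\Users\victim\AppData\Local\Temp\dropped.exe",
     "ParentImage": r"C:\Users\victim\Downloads\Document.pdf.exe",
     "Hashes": "SHA256=0000000000000000000000000000000000000000000000000000000000000000"},
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Local\Temp\dropped.exe",
     "TargetObject": r"HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\victim\AppData\Local\Temp\dropped.exe"},
    {"EventID": 3, "Image": r"C:\Users\victim\AppData\Local\Temp\dropped.exe",
     "DestinationIp": "62.204.41.139", "DestinationPort": "25190"},
    {"EventID": 3, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationIp": "142.250.74.78", "DestinationPort": "443"},  # benign, should not match
]

if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(finding)
```

The dropped-EXE rule needs state across events (a file must be written before it is launched), which is why the matching is done in one pass over an ordered stream rather than per event. The geofence check cannot be recovered from Sysmon, which logs registry writes but not reads; that signature comes from the sandbox's API tracing and would need a different data source on a live host.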