General
-
Target
Document.pdf.scr
-
Size
700.0MB
-
Sample
220922-hzmwnsade6
-
MD5
f112454d6cde973d727e2b436fa2e0d1
-
SHA1
7e1321c9ef20f9687c948907ac8586434d59acf6
-
SHA256
dc7ef7b92c427b3e04afe4cb73ce3b766c1e53b24d1cf68e96a3785840cfe0fb
-
SHA512
1887d2be3a071ce1d6cc5e1d8fab71eb26f8a9cae080f1e1c538378e0c9edc8075fdc9d8da01766857ce3527438a5f463e8c330c3389bfe4c0406cfc784b1955
-
SSDEEP
768:M4gSrhsJNqYVRCPUJbzBi7H1FCL+TgGhEggRs:dt1sfl3k1s6Tga2s
Behavioral task
behavioral1
Sample
Document.pdf.scr
Resource
win7-20220812-en
Malware Config
Extracted
redline
att
62.204.41.139:25190
-
auth_value
b355d5cc1aaf949574c88238282a0927
Targets
-
-
Target
Document.pdf.scr
-
Size
700.0MB
-
MD5
f112454d6cde973d727e2b436fa2e0d1
-
SHA1
7e1321c9ef20f9687c948907ac8586434d59acf6
-
SHA256
dc7ef7b92c427b3e04afe4cb73ce3b766c1e53b24d1cf68e96a3785840cfe0fb
-
SHA512
1887d2be3a071ce1d6cc5e1d8fab71eb26f8a9cae080f1e1c538378e0c9edc8075fdc9d8da01766857ce3527438a5f463e8c330c3389bfe4c0406cfc784b1955
-
SSDEEP
768:M4gSrhsJNqYVRCPUJbzBi7H1FCL+TgGhEggRs:dt1sfl3k1s6Tga2s
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-