General
-
Target
doc_iUuaaWfQCtzs.zip
-
Size
4.5MB
-
Sample
220929-kxvvlsbcdj
-
MD5
a17d2e91606858e2092bbd2e1d7118ce
-
SHA1
2a6789c5d416253731539c0ff92b1066362d13f9
-
SHA256
6e7e7fa41f88b845214a89e9466cf74b867859847d790991459134da8c178cd2
-
SHA512
ad2d307493e9826c00fd8d2d2482b3d59b94b7c6511bfee34a7a97b34494418041c00466c4e704ee3288a2b3d4e2b3264684ec10b0ab9b5efdc886dadc12b9bf
-
SSDEEP
98304:ns1WXnSCRc2gygrucXONearDwK4ZqKPmujl4zmYX4HLH:s12Jc2lUucXarDxMmDzza
Behavioral task
behavioral1
Sample
Document.pdf/Document.pdf.scr
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
Document.pdf/Document.pdf.scr
Resource
win10v2004-20220812-en
Malware Config
Extracted
redline
web
62.204.41.139:25190
-
auth_value
2b0495835b75f494572b5792f0b7a9e1
Targets
-
-
Target
Document.pdf/Document.pdf.scr
-
Size
700.0MB
-
MD5
42a123d2a8c6b9bf813d4ba30c6f7339
-
SHA1
020db224e295b652601f34b1b5284f3ad6bdf22f
-
SHA256
4e5b72658b3ee150f255b726931d387e897d1e5db4f40fbd6a3181e1908671af
-
SHA512
aec4d9c6c9255ad4764a737bb38f68e525d95d38d634e286100c896683fa1bc5f3b62cdc829b6f990fb2570455a6f1c3a7c81e117499065520c24325700cccaf
-
SSDEEP
98304:Xm27HCFxPcIIqb9tIKdgEezl6nW1WIxV2UBPB3VsYT:XmHbPcIIqb9u15zl6nW1WA2rYT
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-