General
Target: eReceipt.pdf.exe
Size: 400KB
Sample: 221206-sc1t5abh5y
MD5: ed53a1e6aaccda70280f1e07ed775df3
SHA1: c5a61eb59d061846360fe12946ab9d48e9b3b08f
SHA256: edace8cc8a3fe5a7dbb168e105354ff95a721c0fcc4df2062c50cf80574acc40
SHA512: b328adc42ddc6d8ad4f2cf2c9ed41cc96a7ad9edccf54c3c9a90ef1b2eed7704c61101e4eefe554061f7de3728b0708f8e687580cbedbd7dc623c0c4440e6e4c
SSDEEP: 6144:Y/0v8Ww7qUFCj/YqwqqNFBKEo1UZF79X7eUFsLt/BKn6eBj4:Y8v8WwexAqm9o6F79X7eTxgxB
Static task: static1
Behavioral task: behavioral1
Sample: eReceipt.pdf.exe
Resource: win7-20221111-en
Malware Config
Extracted: redline
eReceipt.pdf
185.196.20.55:45433
auth_value: 050a2715e35d1de084f56c43264c9eb1
Targets
Target: eReceipt.pdf.exe
Size: 400KB
MD5: ed53a1e6aaccda70280f1e07ed775df3
SHA1: c5a61eb59d061846360fe12946ab9d48e9b3b08f
SHA256: edace8cc8a3fe5a7dbb168e105354ff95a721c0fcc4df2062c50cf80574acc40
SHA512: b328adc42ddc6d8ad4f2cf2c9ed41cc96a7ad9edccf54c3c9a90ef1b2eed7704c61101e4eefe554061f7de3728b0708f8e687580cbedbd7dc623c0c4440e6e4c
SSDEEP: 6144:Y/0v8Ww7qUFCj/YqwqqNFBKEo1UZF79X7eUFsLt/BKn6eBj4:Y8v8WwexAqm9o6F79X7eTxgxB
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.