General
- Target: Contract Quotation Details - Rotational Supply Listing pdf.cab
- Size: 477KB
- Sample: 240712-nvkteasapj
- MD5: 85ee1e327138da51402128bf7936a997
- SHA1: 16e19ff2c8a35c381373ca2a19d8c26ef9c9dc73
- SHA256: db9d182c6b672f425af7a898d20667df39c19ad6b3369ba5c289545c9e94e235
- SHA512: 7b7c29fcc68b63c81cfb22b562ceede2d1705c7afd542721ad6d15bcc9b64132994cdb5f7f01d61490910c406e08419caec87e120fff6a674ac16860125b6007
- SSDEEP: 6144:k2C3DwqQAVB2QZTfctx/iBiMc9+82Mcnr4n1UY7mxRQCpgnV5gHENdZ15/QDvF9M:SzB3l2UBjc9+8VcG1rmxRQ5DgmZHgCe8

Static task
- static1

Behavioral task
- behavioral1
- Sample: Contract Quotation Details - Rotational Supply Listing pdf.exe
- Resource: win7-20240704-en

Malware Config
Extracted
- redline
- french
- 91.92.243.245:47477

Targets
- Target: Contract Quotation Details - Rotational Supply Listing pdf.exe
- Size: 1.0MB
- MD5: 715d0979fbadb19889e7963f7c33f501
- SHA1: 3ad746befebb85f942868a1f5338cb4e36f355e1
- SHA256: 1b57c64883831484a42351afc0319f33f2dd4ed19b60461a9f65cba5bae1ecd5
- SHA512: 639a322cf569f6d8aeb03c4ddfc8db30f81cc13ab0f3ec1fa19f644c88393adfac24964392c61b0ec213499fd5603b9d51af240aba447226b4357ff8c4571d8a
- SSDEEP: 24576:7AHnh+eWsN3skA4RV1Hom2KXMmHa7cGNS5Z5:Wh+ZkldoPK8Ya7crx

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- SectopRAT payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext