Extracted

• • Target

    Payment_Advice_HSBC_Swift_Copy.pdf.lnk

  • Size

    3KB

  • MD5

    b34d7dcf2fd1a08025934b2b3b60c4d3

  • SHA1

    2d892b1de088baed8ae4df89536b7e197ea7d83e

  • SHA256

    b488b9f29cb8897a1854ca1ec2e943c99ab6724a825bfedf5485f147be6a9387

  • SHA512

    03bcf8eb554b5fcab7f843f3841c20a2a008d3dbdc5904577935122ff2c1fd86c975d9aaec6faaf9ed36354af663deaba39901fe4da700c74e8c4cead605cacd

  Score

  10^/10

  executionredlinecheatdiscoveryinfostealerspywarestealer

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Redline family

    redline

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Blocklisted process makes network request

  • Command and Scripting Interpreter: PowerShell

    Run Powershell and hide display window.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2