General
Target: Purchaseorder.zip
Size: 623KB
Sample: 220524-g8wz9sbacn
MD5: fe450ff37d17f0420e4fc2dfdc87acbb
SHA1: 84a198d390d29af034ad3f5046033e4bfb2f1f52
SHA256: edd5d8eab7978a0e272cca6f153e2b7e66d0f924925d00bc99af9e7b00ee03fc
SHA512: c894764175e1e56f0c71c7433a35911c14450e3176f632fa306b3446f3fcc4b663f91ffbc5b123b9161b74168414f8a903fafbf7e1b7d3cefa3d79f6f8f85eb6

Static task
static1

Behavioral tasks
behavioral1: Sample PurchaseorderN2321.xll, Resource win7-20220414-en
behavioral2: Sample PurchaseorderN2321.xll, Resource win10v2004-20220414-en
behavioral3: Sample PurchaseorderN3455.xll, Resource win7-20220414-en
behavioral4: Sample PurchaseorderN3455.xll, Resource win10v2004-20220414-en

Malware Config
Extracted
Family: redline
Botnet: love
C2: 101.99.93.62:43200

Targets

Target: PurchaseorderN2321.xll
Size: 642KB
MD5: 097f479c059a0457970f5370d1c20607
SHA1: 52defc3f3200bad2c288bebbec51900519d94c66
SHA256: bbd9443b33cfc70359018a41bc56f9a04b05c4761070d9ab805879014047374f
SHA512: dbd287780c594cb2dadc34d5362d36ac7d430e25dbc78041564a9efd7ed9d9cc500e20a8720ef2e2a4a7c576856cba69b8c73b0da57df0be7106cafd3b2a6ec9
Score: 10/10
Signatures:
- Loads dropped DLL

Target: PurchaseorderN3455.xll
Size: 560KB
MD5: 831052f170e6d906cdc9dbed25ac1f24
SHA1: 6b51a5a21dfc8b68ad85ef9a93d815b56b38d058
SHA256: fe0c53f6201f2bc220745f6fd58a8bad448aea825320341389feb6b42cbd76e9
SHA512: a054cff00bc79aef5891c074fbcf9b4954f2295a80fd4a900b133413c38da56d3cf469ec30ac3f6231b57d48f23532b0ea79d790c674ba1bbafe4745cd62ca61
Score: 10/10
Signatures:
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Loads dropped DLL
- Suspicious use of SetThreadContext