General
Target: PurchaseorderN3455.xll
Size: 560KB
Sample: 220524-g9glzaffb8
MD5: 831052f170e6d906cdc9dbed25ac1f24
SHA1: 6b51a5a21dfc8b68ad85ef9a93d815b56b38d058
SHA256: fe0c53f6201f2bc220745f6fd58a8bad448aea825320341389feb6b42cbd76e9
SHA512: a054cff00bc79aef5891c074fbcf9b4954f2295a80fd4a900b133413c38da56d3cf469ec30ac3f6231b57d48f23532b0ea79d790c674ba1bbafe4745cd62ca61
Static task: static1
Behavioral task: behavioral1
  Sample: PurchaseorderN3455.xll
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: PurchaseorderN3455.xll
  Resource: win10v2004-20220414-en
Malware Config
Extracted
redline
love
101.99.93.62:43200
Targets
Target: PurchaseorderN3455.xll
Score: 10/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Loads dropped DLL
- Suspicious use of SetThreadContext