General
- Target: SecuriteInfo.com.Exploit.CVE-2018-0798.4.28409.18163.rtf
- Size: 11KB
- Sample: 220928-j4earsfdc5
- MD5: 05085c14cefd400244d373752d6c6f8a
- SHA1: d58212b162345e387e4f1a3cd0ccb3da2eff2354
- SHA256: b2064763e0decfa14ca91e0052b4b88210415f2ae792336702d196deefbf7461
- SHA512: 8984a3260401167f781604ddb1abf2d4ac0c6c679c34c352134139276591275ef2f001b2ef8db4cca66b8852e6e9b0bed025cb33ea4fe7cf6f262ff1d5cdf4f3
- SSDEEP: 192:pmvntCjhSyhW4Mv1B+1gZP9QkdP9nPUz6Vvzo75tO4sxIJAiE0v/wFZMNG3sjDv6:UV6hlyB+1wZ8uVvzodA4sxIJAp0HoyNG
Static task: static1
Behavioral task: behavioral1
- Sample: SecuriteInfo.com.Exploit.CVE-2018-0798.4.28409.18163.rtf
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: SecuriteInfo.com.Exploit.CVE-2018-0798.4.28409.18163.rtf
- Resource: win10v2004-20220812-en
Malware Config
Extracted
- Family: redline
- Botnet: sirus
- C2: 147.124.223.126:4444
Targets
- Target: SecuriteInfo.com.Exploit.CVE-2018-0798.4.28409.18163.rtf
- Size: 11KB
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext