General
Target: P.O 2709_1.doc
Size: 11KB
Sample: 220928-qk384sgaa2
MD5: a76a5beb83b71b2e1294d8489d7fbe41
SHA1: 2a4e957643195550640ad7b954afd26391d40b12
SHA256: 23318d0693ef4d2530719da58670c9ad00eddfaf18f50382bb3b55812e4f1a59
SHA512: 496ca014303cbc13ae925cad93422c3bec54159a869a7f5cc8b5e4a33c564cad2b43cae398fd9eb228879ebe991ae54c0c7338effd6b7821cf54e995883e4350
SSDEEP: 192:zNkjAI4TlUbrRi1uPjRKNS1zqdQtN40e3PHVsy898w3dFrlpRiFkK8Fmlq51T9:z4h4T2bQYrRRacBy898w3dBRIkDwg1h
Static task: static1
Behavioral task: behavioral1
  Sample: P.O 2709_1.rtf
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: P.O 2709_1.rtf
  Resource: win10v2004-20220812-en
Malware Config
Extracted: redline
  sirus
  147.124.223.126:4444
Targets
Target: P.O 2709_1.doc
Size: 11KB
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext