General
- Target: Notepad.zip
- Size: 7.7MB
- Sample: 221003-q5d5qahhhn
- MD5: ccde406f06d26064ae64dc23ae833181
- SHA1: 8a7dc46ce56ceb552038890550deb8bbd72b25ba
- SHA256: f34b0225bb66e46f6bb28fa9f1452cd2051adb3e7d2ff8a7f706668648d6a9d5
- SHA512: 9c748b08d9ded37cfd38e269f10152793acdffaa06199fb394f4eb90133aa13ea5ee9446cbdb61e898386aed1272ef6b6443455a81f52cf36fff1310b0bdf191
- SSDEEP: 196608:ilhMTTbQR8RSrem1qKokqJoGJE/sxn/z70+nySHZ:ilhITUwSamU6qJAg/z70MRZ
Static task: static1
Behavioral task: behavioral1
- Sample: Notepad++/Notepad++ Setup.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: Notepad++/Notepad++ Setup.exe
- Resource: win10v2004-20220812-en
Behavioral task: behavioral3
- Sample: Notepad++/include/ECM_Quickstart_DEU.pdf
- Resource: win7-20220901-en
Behavioral task: behavioral4
- Sample: Notepad++/include/ECM_Quickstart_DEU.pdf
- Resource: win10v2004-20220812-en
Malware Config
Extracted
- Family: redline
- C2: 38.91.100.58:17559
- auth_value: 086df97ad30d1e62a2783489b368b7f8
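The extracted C2 above is the indicator a responder would pivot on first. The following is an added example, not part of the sandbox report: it matches the report's C2 host and port against Zeek conn.log-style connection records and lists the internal hosts that reached it. The log lines are constructed for illustration; only the host and port come from the extracted config.

```python
# Added example (not part of the sandbox report): match the RedLine C2
# extracted above against connection logs. C2_HOST and C2_PORT are the
# report's values; SAMPLE_CONN_LOG is constructed for illustration.
from dataclasses import dataclass
from typing import Iterator, List, Optional

C2_HOST = "38.91.100.58"   # from the extracted config
C2_PORT = 17559            # from the extracted config

# Constructed Zeek conn.log-style records, tab separated:
# ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto
SAMPLE_CONN_LOG = (
    "1664800001.123\tCa1\t10.0.0.15\t49712\t38.91.100.58\t17559\ttcp\n"
    "1664800002.456\tCa2\t10.0.0.15\t49713\t142.250.74.36\t443\ttcp\n"
    "1664800003.789\tCa3\t10.0.0.22\t51000\t38.91.100.58\t443\ttcp\n"
    "1664800004.000\tCa4\t10.0.0.22\t51001\t38.91.100.58\t17559\ttcp\n"
    "1664800005.000\tCa5\t10.0.0.30\t51002\t38.91.100.58\t17559\tudp\n"
    "# comment line and a short line: both must be skipped, not crash the matcher\n"
    "bad\tline\n"
)


@dataclass(frozen=True)
class Flow:
    uid: str
    orig_h: str
    orig_p: int
    resp_h: str
    resp_p: int
    proto: str


def parse_conn_log(text: str) -> Iterator[Flow]:
    """Yield one Flow per well-formed record; skip comments, short and non-numeric lines."""
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        parts = line.split("\t")
        if len(parts) != 7:
            continue
        try:
            yield Flow(parts[1], parts[2], int(parts[3]), parts[4], int(parts[5]), parts[6])
        except ValueError:
            continue


def find_c2_flows(text: str, host: str = C2_HOST,
                  port: Optional[int] = C2_PORT, proto: str = "tcp") -> List[Flow]:
    """Return flows whose responder is the C2.

    port=None matches any port on the host. That is a broader pivot (useful if
    the operator moved the listener) but noisier, so review those hits by hand.
    """
    return [
        f for f in parse_conn_log(text)
        if f.resp_h == host and (port is None or f.resp_p == port) and f.proto == proto
    ]


def infected_hosts(text: str, **kw) -> List[str]:
    """Distinct internal sources that talked to the C2, for scoping the incident."""
    return sorted({f.orig_h for f in find_c2_flows(text, **kw)})


if __name__ == "__main__":
    for f in find_c2_flows(SAMPLE_CONN_LOG):
        print(f"C2 hit: {f.orig_h}:{f.orig_p} -> {f.resp_h}:{f.resp_p} ({f.uid})")
    print("hosts to scope (any port):", infected_hosts(SAMPLE_CONN_LOG, port=None))
```

Run against a real conn.log by passing the file contents to `find_c2_flows`; the exact host:port match is the high-confidence hit, the host-only match is the list to triage.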
Targets
Target: Notepad++/Notepad++ Setup.exe
- Size: 711.5MB (the whole Notepad.zip is only 7.7MB, so this executable is almost entirely highly compressible filler; inflating a binary past the upload size limits of AV and sandbox services is a common evasion technique)
- MD5: b76e7e5d2effd07d23402ec56dc111af
- SHA1: 7a8442394ea4368f32d3d987ce05e0b3d9ad7d29
- SHA256: 9dfded7ae70d386c01746f3baf5fcffc37217cc037062b066a87150c0fbfec8b
- SHA512: a72e3dfa82c176517806b97be514e0b4ac8593a8526218fc7af88d7866e3f26a0f93cc66b6d2fdc0ff111c11aebd149b6af16a8fa8086df8b1334885ad9ca583
- SSDEEP: 196608:zlJIFi6xKJYmp2E2cGx4jg9hv+E/1g+G:hJIZKimA4Gyj+vvc
- Score: 10/10
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext (setting another thread's context is commonly the final step of process hollowing and related injection techniques, which suggests the stealer code runs inside a process other than the setup executable itself)
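A practitioner checking a suspect download against this report wants two things: an exact match on the listed digests, and a way to spot the size-padding trick without waiting for a sandbox. The block below is an added example, not code from the report or from Notepad++: it computes the same digest set the report lists for the setup executable (SSDEEP omitted, since it needs a third-party library) and flags archive members that are large but deflate to almost nothing, which is what a 711.5MB executable inside a 7.7MB zip looks like. The archive it builds is constructed; only REPORT_HASHES is taken from the page.

```python
# Added example (not part of the sandbox report): verify a file against the
# report's digests for "Notepad++/Notepad++ Setup.exe" and flag archive members
# whose compression ratio indicates padding. build_sample_zip() is constructed;
# only REPORT_HASHES comes from the report.
import hashlib
import io
import zipfile
from typing import Dict, List, Tuple

REPORT_HASHES: Dict[str, str] = {  # values copied from the report
    "md5": "b76e7e5d2effd07d23402ec56dc111af",
    "sha1": "7a8442394ea4368f32d3d987ce05e0b3d9ad7d29",
    "sha256": "9dfded7ae70d386c01746f3baf5fcffc37217cc037062b066a87150c0fbfec8b",
    "sha512": ("a72e3dfa82c176517806b97be514e0b4ac8593a8526218fc7af88d7866e3f26a"
               "0f93cc66b6d2fdc0ff111c11aebd149b6af16a8fa8086df8b1334885ad9ca583"),
}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute the digest set the report lists (SSDEEP omitted: not in hashlib)."""
    return {algo: hashlib.new(algo, data).hexdigest()
            for algo in ("md5", "sha1", "sha256", "sha512")}


def matching_hashes(data: bytes, report: Dict[str, str] = REPORT_HASHES) -> List[str]:
    """Names of report digests that the data matches; any match means the exact sample."""
    computed = hash_bytes(data)
    return [algo for algo, digest in report.items() if computed.get(algo) == digest.lower()]


def padded_members(zip_bytes: bytes, min_size: int = 1_000_000,
                   max_ratio: float = 0.02) -> List[Tuple[str, int, int]]:
    """Return (name, uncompressed, compressed) for members of at least min_size bytes
    that deflate to under max_ratio of their size.

    A genuine installer is already compressed internally and deflates only
    marginally; a ratio this low means the file is mostly repetitive filler.
    """
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.file_size < min_size:
                continue
            if info.compress_size / info.file_size < max_ratio:
                hits.append((info.filename, info.file_size, info.compress_size))
    return hits


def build_sample_zip() -> bytes:
    """Constructed archive: a small PDF-like decoy plus a fake installer that is
    a PE header stub followed by 4 MiB of zero bytes, mimicking the padded sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Notepad++/include/quickstart.pdf", b"%PDF-1.4\n" + bytes(range(256)) * 8)
        zf.writestr("Notepad++/Notepad++ Setup.exe", b"MZ" + b"\x00" * (4 * 1024 * 1024))
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip()
    with zipfile.ZipFile(io.BytesIO(sample)) as zf:
        exe = zf.read("Notepad++/Notepad++ Setup.exe")
    print("report digests matched:", matching_hashes(exe) or "none")
    for name, raw, packed in padded_members(sample):
        print(f"padded member: {name} {raw} bytes -> {packed} bytes ({packed / raw:.2%})")
```

To use it on a real download, read the zip into memory and call `padded_members`, then extract the flagged member and pass its bytes to `matching_hashes`; a digest match confirms this exact sample, while a padding hit alone is enough reason to treat the archive as hostile even if the hashes differ.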
Target: Notepad++/include/ECM_Quickstart_DEU.pdf
- Size: 268KB
- MD5: e2503ab3cddcafb71544c30541013449
- SHA1: 629fb2445e4e769beeb18fe8128b246cb5b49bf3
- SHA256: 504d66c29bcc5e9715b6360166794e12c1b92f3095befd92b2c8b0c7fba9e3ef
- SHA512: 14eb36ff64ad83a86fe7b1977455aa32d7f633ac50aa425081d8851a695d9ab69246c1b718e98b7a87247a0add4987e27bbd9808d5bbbcbfc4befa5ed4501b66
- SSDEEP: 3072:4JB3ZF+FsjtuZrd9AkcarIhZ624j0/xp5776TN0Umk3VdYxss981s3qNOddeCFRI:0ZFbIxd9sPj6FA/xr2TzdYxsvuFTWap4
- Score: 1/10 (no signatures triggered in either environment; consistent with a decoy document bundled to make the archive look legitimate)