General
-
Target
watchdog.exe
-
Size
2.6MB
-
Sample
221020-31x39accf7
-
MD5
683d11458e44a8f700b04c3694710d7c
-
SHA1
6eb33d062195d74648ea122daced528c2a05d7e0
-
SHA256
73cd7f8cca43940c0f4f0234b7e32c6f17c2d2c3af810f5ea936a8cfbaa95c2a
-
SHA512
fc0f08fb9b4816d2a993c2e0729add84f965c045009a6e261d43bd6e3a8b9bcbaf6e0bf5f6a84bc84356bc7a0c290a3b0934bdcb167428d4a874924ef925b851
-
SSDEEP
49152:Iws0JBto87d2cl1UzJ2UjZUN354zNstjl3R:Iws0JBto87d2cl1EJ2FIzNst/
Static task
static1
Behavioral task
behavioral1
Sample
watchdog.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
watchdog.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
redline
875784825
79.137.192.6:8362
Targets
-
-
Target
watchdog.exe
-
Size
2.6MB
-
MD5
683d11458e44a8f700b04c3694710d7c
-
SHA1
6eb33d062195d74648ea122daced528c2a05d7e0
-
SHA256
73cd7f8cca43940c0f4f0234b7e32c6f17c2d2c3af810f5ea936a8cfbaa95c2a
-
SHA512
fc0f08fb9b4816d2a993c2e0729add84f965c045009a6e261d43bd6e3a8b9bcbaf6e0bf5f6a84bc84356bc7a0c290a3b0934bdcb167428d4a874924ef925b851
-
SSDEEP
49152:Iws0JBto87d2cl1UzJ2UjZUN354zNstjl3R:Iws0JBto87d2cl1EJ2FIzNst/
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-