General
- Target: watchdog.exe
- Size: 2.5MB
- Sample: 221020-a1qd7afdar
- MD5: d71fde941872a8e0e6cf022aa4548e63
- SHA1: 6457ad9d7703bf6938d8d4c64307cabfc5892eaf
- SHA256: dc52cce8d6a3804970d4cfc04e66f10477d84d8982fcf92a2c9096990c2451ca
- SHA512: 7d3787b0ea81e6c4354ae501d5648ab8154f4acb93ca0f7d2f3dc0cecc6f3bf59163103c29b51a2c30251b592b0ee65f72384cf6714861e34595f71a10f0ea41
- SSDEEP: 24576:G1PXffOuEo+YuY/RYPbdMYIrIedj3Xs4b9oUuwZUNmo6LDTrKwLI9qnl3RuQ553A:QPXfmuEpUoUjZUN96LDTrKwkul3U

Static task
- static1

Behavioral task
- behavioral1
  - Sample: watchdog.exe
  - Resource: win7-20220812-en

Behavioral task
- behavioral2
  - Sample: watchdog.exe
  - Resource: win10v2004-20220812-en

Malware Config
Extracted
- redline
- 875784825
- 79.137.192.6:8362

Targets
- Target: watchdog.exe
- Size: 2.5MB
- MD5: d71fde941872a8e0e6cf022aa4548e63
- SHA1: 6457ad9d7703bf6938d8d4c64307cabfc5892eaf
- SHA256: dc52cce8d6a3804970d4cfc04e66f10477d84d8982fcf92a2c9096990c2451ca
- SHA512: 7d3787b0ea81e6c4354ae501d5648ab8154f4acb93ca0f7d2f3dc0cecc6f3bf59163103c29b51a2c30251b592b0ee65f72384cf6714861e34595f71a10f0ea41
- SSDEEP: 24576:G1PXffOuEo+YuY/RYPbdMYIrIedj3Xs4b9oUuwZUNmo6LDTrKwLI9qnl3RuQ553A:QPXfmuEpUoUjZUN96LDTrKwkul3U
- Score: 10/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext