General
Target: watchdog.exe
Size: 2.3MB
Sample: 221021-269hsshfdl
MD5: 70e9d9ea20e20326b3b7aa72d0421306
SHA1: fa748e956b7e30cd1e02049f80a74e0b64b69f58
SHA256: 94927ab5236e3207a586d7a5ae3964384907381a3d6bee138ae49093d295a5bd
SHA512: a15a0b600602943355201d22c6f885ab1b6a718b3c8c2035373445dcf6c6e2c9d62bfe33e3cb8ae24e9a53cbf4657e697ac1265386e2987be67a6742540e32c6
SSDEEP: 24576:CLVfYsYskxXqMs+IYzSuAp+1JP0GxVWEAfhGL6aSljl3RuQ55313y:CLv+P/VWEAfhGqjl3Q
Static task: static1
Behavioral task: behavioral1
  Sample: watchdog.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: watchdog.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted
Family: redline
Botnet: 875784825
C2: 79.137.192.6:8362
Targets
Target: watchdog.exe
Size: 2.3MB
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext