General

  • Target

    qw.dotm

  • Size

    15KB

  • Sample

    221224-p2npbadc3v

  • MD5

    19cd6fd29ed067257e00f015b95f06b6

  • SHA1

    76f46883574ac1e0b2c831ae4e15f2b786f663c3

  • SHA256

    4a10e8fcc6e942f08c066c542cec8a4e2c1459c8d901e60cf6f7b74f0c032ec1

  • SHA512

    4c28d8214a5e7b7a1f2f1feffc3ea06977aa7059c854a93248835727a106e01c12727101b22a320edf576c7d919674cd12e083be90f041cd5f1278af06bf7c01

  • SSDEEP

    384:tmtZYh+oI+lpKrkjq2C781DXd6akwLWdxdkYB3to:qloI+lAx8Wakw6Lxk

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated URLs (exe.dropper)

    https://bitbucket.org/bitcryptoexchangeee/1/downloads/driver.exe

Extracted

  • Family

    redline

  • Botnet

    23/12/2022

  • C2

    45.138.27.123:31889

  • Attributes

    • auth_value

      50fd3920486b0eae99d8c0feb8010929

Targets

    • Target

      qw.dotm

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Uses the VBS compiler for execution

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6