General

Target: hotel-requirements.pdf28.zip
Size: 66.0MB
Sample: 230622-v1tf3aha7t
MD5: 24f925917a8b254db098bcf6de37d7a4
SHA1: ce4367516564c72352c7b8528e2e193d310baaac
SHA256: 74e150367f59cc92a48c8725120865c7b94312981a09d981760431da4485ed50
SHA512: 06c6d0bb8eb9d3b1f0b409ddf5682590700cafab0a539c939878dddfd42e77306d2b674313beac6f6cf7d05327b4332a4cb09253e45c09af59cb1d97245eb5be
SSDEEP: 1572864:4TLP/2cmeM+vFdLDsNMcqrGPxW5kCtnETLcvAq9FN9ZSbUI/BF:4ThmdedXws5kCZEl+FN9KUIpF
Static task: static1

Behavioral task: behavioral1
Sample: hotel-requirements.pdf/hotel-requirements.pdf.scr
Resource: win7-20230621-en

Behavioral task: behavioral2
Sample: hotel-requirements.pdf/hotel-requirements.pdf.scr
Resource: win10v2004-20230621-en
Malware Config

Extracted family: redline
Botnet: Mastif
C2: 78.47.242.225:15635
auth_value: 32b21fb55370c8e21f0f75577471534e
Targets

Target: hotel-requirements.pdf/hotel-requirements.pdf.scr
Size: 564.4MB
MD5: 7faa29f9a965143cf67f27c1455111c1
SHA1: f5c34c4399c2fca31c6ac05e14a566374c6732a9
SHA256: a06612c8c0ff60c840da39e7d8571e949716bdec4c4a6582fdaae25216907fbe
SHA512: 2caffe5412262a291fa76a5887ccff316b3983a675a16d97c4dcde087ae3d3ccdb9685f66dbc999d1ade1888d6df45d015e1dd9bc0d396a2abf8761949bf3dd6
SSDEEP: 786432:MA5OgdnGFPsX2YiMiqN7z5EYUj4Vtpe9oA4Jxo88nvcVkf/2npG4U:M4d2oiU7z5EZMre9GJxo8q0Vkf8a
Score: 10/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext