General
Target: das.dotm
Size: 17KB
Sample: 230706-cafheaaa3v
MD5: 73e957de5a5482ecb3d09b16bee4c437
SHA1: 49ec08b4e68f075361ede886ab1f23e099fceac1
SHA256: b3200b327c47f93a8d1049868c459576da23aee389cf9aa84f489e9ee07a3b68
SHA512: b5f0c6c70bfa5ff00ff8a25b65f87cd60ec5d6d2c10d989f9a6e3eb2653b76c26d427dac50ebf0b18f970f072046b6ede3a4520f7f01ebd2a9718225ecff036d
SSDEEP: 384:tmtUg6VnjXbwcQz0MC78QN1Wz0JIE0B3s:qe1HbQzI8QN1Wzqz0a
Behavioral task: behavioral1
Sample: das.dotm
Resource: win7-20230703-en

Behavioral task: behavioral2
Sample: das.dotm
Resource: win10v2004-20230703-en
Malware Config
Extracted: https://bitbucket.org/kayodi3643d/kayodi3643-dotvilla.com/downloads/123.zip

Extracted: redline
Botnet: WORD
C2: 5.42.92.116:36870
auth_value: 03ac9d19ec75717750b3f79404be2f9e
Targets
Target: das.dotm
Score: 10/10

Signatures:
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Blocklisted process makes network request
Executes dropped EXE
Uses the VBS compiler for execution
Accesses cryptocurrency files/wallets, possible credential harvesting
Legitimate hosting services abused for malware hosting/C2
Suspicious use of SetThreadContext