Malicious Excel XLL add-ins push RedLine password-stealing malware
Common Information
Type Value
UUID a5630a56-e930-4585-81bf-185c34b35dd8
Fingerprint 504ad098d4ff3a9
Analysis status DONE
Considered CTI value 0
Text language
Published Dec. 5, 2021, midnight
Added to db Jan. 18, 2023, 10:52 p.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline Malicious Excel XLL add-ins push RedLine password-stealing malware
Title Malicious Excel XLL add-ins push RedLine password-stealing malware
Detected Hints/Tags/Attributes 31/2/10
Attributes
Type     #Events  Value
Domain   194      drive.google.com
Domain   1        xxx.link
File     459      regsvr32.exe
File     13       wget.exe
File     1        %userprofile%\javabridge32.exe
File     1        javabridge32.exe
sha256   1        f6c06615e35798274dfa9c4b28aaa6d94220804e766e9a70c4f0dab4779ee1db
sha256   1        626db53138176b8a371878ebaa2dbbd724be9a74f9f82ef9ebb7b7bfc0c6b2e9
Url      1        https://drive.google.com/file/d/xxx/view?usp=sharing
Url      1        https://xxx.link/report.xll