Overview

Analysis tasks and scores, as shown in the report's tab bar (file names are abbreviated there; the full names are listed under Targets):

- Static: 10/10
- Installer/...er.exe (windows10-2004_x64): 10/10
- Installer/browser.dll (windows10-2004_x64): 1/10
- Installer/...fi.dll (windows10-2004_x64): 1/10
- Installer/...xe.dll (windows10-2004_x64): 1/10
- Installer/...fi.dll (windows10-2004_x64): 1/10
- Installer/...xe.dll (windows10-2004_x64): 1/10
- Installer/...32.dll (windows10-2004_x64): 1/10
General

- Target: master.zip
- Size: 3.3MB
- Sample: 220620-134ygadha6
- MD5: b545225ee45209daee6c1e5a24d2fbe4
- SHA1: 81efd59294d1d14605198a688db777243e9e104d
- SHA256: 748d8690bbd95248e5ef77961a4baa8c87aa70a38e5fcd465a37b24e65558527
- SHA512: 7b9da12a92f902cac29cb9720c4217418d02128d917d4028ccbd2b82e487931fc9878ccee023d109ae7bdb9a22413a6746219710edd6d4392f69c1d6110e7663
Static task: static1

Behavioral tasks (all run on resource win10v2004-20220414-en):

- behavioral1: Installer/Installer.exe
- behavioral2: Installer/browser.dll
- behavioral3: Installer/en-US/winload.efi.dll
- behavioral4: Installer/en-US/winload.exe.dll
- behavioral5: Installer/en-US/winresume.efi.dll
- behavioral6: Installer/en-US/winresume.exe.dll
- behavioral7: Installer/ssleay32.dll

The four en-US files appear under Targets with their original .mui extension; the behavioral tasks submitted them renamed as .dll so that the sandbox would attempt to load them.
Malware Config

Extracted from the sample: redline

- Botnet: 777
- C2: 89.22.227.140:31288
- auth_value: e42115cf07e73321acdde5e388b0aef9

The C2 endpoint is the network indicator to block and hunt for; the auth_value is specific to this RedLine build and is useful for clustering samples from the same operator rather than for network detection.
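An IOC sweep built from this report, as an added example that is not part of the sandbox output. The SHA256 values (master.zip plus the files listed under Targets) and the 89.22.227.140:31288 endpoint are the report's own; the hash-inventory and connection lines are constructed for the example, and the Zeek-style conn.log column order is an assumption about the log format, not something the report states.

```python
"""Sweep a file-hash inventory and a connection log for the report's IOCs."""
import hashlib

# SHA256 -> (name in the report, sandbox score). Copied from the report; lowercase hex.
FILE_IOCS = {
    "748d8690bbd95248e5ef77961a4baa8c87aa70a38e5fcd465a37b24e65558527": ("master.zip", 10),
    "ccfcbfa79a53af233a5f5fdea50eadd1f4868459cf241790dbbe6704ac054de5": ("Installer/Installer.exe", 10),
    "91e3619930c29ee4b2683683888ba7ee3cf6b1ddb0c19a14e0880470cbe40ef4": ("Installer/browser.dll", 1),
    "648317f6c727a8471c777caba6571a7ea9ff7e943955ef402164cd3e858e5c7d": ("Installer/en-US/winload.efi.mui", 1),
    "2927e06045c0e7a87efd7d6060b758918a8b84a5a6022c717c6eb614ba0411df": ("Installer/en-US/winload.exe.mui", 1),
    "87757a7473668a6b09291db9837ccfaa98312b753c0aa321e285a47e1127df4a": ("Installer/en-US/winresume.efi.mui", 1),
    "9f16b796395c3b20bbe10743b0e8195378dacb3e29f881f30ac220bf6a670b60": ("Installer/en-US/winresume.exe.mui", 1),
    "e3f2799537c1de13df20734426c1c3fd0f4b3f8e63019ca9cc2f1ec9b0af1fb1": ("Installer/ssleay32.dll", 1),
}
C2_HOST, C2_PORT = "89.22.227.140", 31288   # from the extracted RedLine config


def sha256_hex(data: bytes) -> str:
    """SHA256 of file content, in the same lowercase hex form as the table keys."""
    return hashlib.sha256(data).hexdigest()


def classify_hash(sha256: str):
    """Return (name, score) for a known hash, or None. Tolerates case and padding."""
    return FILE_IOCS.get(sha256.strip().lower())


def hash_hits(inventory_lines):
    """Scan 'path<TAB>sha256' lines and return (path, name, verdict) tuples.

    verdict is 'malicious' for score >= 7 and 'bundle-component' otherwise: the
    low-scoring DLL/MUI files are harmless on their own, but finding one still
    places the whole bundle (and therefore Installer.exe) on the host.
    """
    hits = []
    for line in inventory_lines:
        if not line.strip() or line.startswith("#"):
            continue
        path, _, digest = line.rpartition("\t")
        known = classify_hash(digest)
        if known:
            name, score = known
            hits.append((path, name, "malicious" if score >= 7 else "bundle-component"))
    return hits


def c2_hits(conn_lines):
    """Scan Zeek-style conn.log lines (ts uid orig_h orig_p resp_h resp_p proto; assumed layout).

    Exact host:port match -> 'c2'. Same host on another port -> 'c2-host', reported
    at lower confidence because the port is part of the extracted config.
    """
    hits = []
    for line in conn_lines:
        fields = line.split("\t")
        if len(fields) < 7 or fields[0].startswith("#"):
            continue
        orig_h, resp_h, resp_p = fields[2], fields[4], int(fields[5])
        if resp_h == C2_HOST:
            hits.append((orig_h, resp_h, resp_p, "c2" if resp_p == C2_PORT else "c2-host"))
    return hits


# Constructed sample input (not captured from a real host).
SAMPLE_INVENTORY = [
    r"C:\Users\user\Downloads\master.zip" "\t748d8690bbd95248e5ef77961a4baa8c87aa70a38e5fcd465a37b24e65558527",
    r"C:\Users\user\Downloads\Installer\ssleay32.dll" "\tE3F2799537C1DE13DF20734426C1C3FD0F4B3F8E63019CA9CC2F1EC9B0AF1FB1",
    r"C:\Windows\System32\notepad.exe" "\t" + sha256_hex(b"placeholder"),
]
SAMPLE_CONN = [
    "1655700001.1\tCx1\t10.0.0.5\t49712\t89.22.227.140\t31288\ttcp",
    "1655700002.2\tCx2\t10.0.0.5\t49713\t203.0.113.9\t443\ttcp",
    "1655700003.3\tCx3\t10.0.0.7\t49800\t89.22.227.140\t80\ttcp",
]

if __name__ == "__main__":
    for hit in hash_hits(SAMPLE_INVENTORY):
        print("file:", *hit)
    for hit in c2_hits(SAMPLE_CONN):
        print("net: ", *hit)
```

SHA256 is used as the lookup key because the report's MD5 and SHA1 values identify the same files but are collision-prone; keep them only for tooling that cannot consume SHA256.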
Targets

Target: Installer/Installer.exe (score 10/10)

- Size: 718.2MB
- MD5: 21789861e186b60def326d7fd6966fb1
- SHA1: 354987da5189498370577768cc3125f2d2b3167c
- SHA256: ccfcbfa79a53af233a5f5fdea50eadd1f4868459cf241790dbbe6704ac054de5
- SHA512: 9b3f0beeb76011fcdf97e8a934920c7f74f5c3008d76d06f5b8ea20c8bc374305ff1e55b75fb8c6f746f1ca0123cdd61fc971299914524449670d23fd0a26839

A 718.2MB executable that ships inside a 3.3MB archive is consistent with the binary being padded with highly compressible filler, which keeps it above the upload limits of many scanners; the hashes above are of the padded file, so they only match the file as delivered.

Signatures:

- NetSupport: NetSupport is a remote access tool sold as legitimate system administration software.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Suspicious use of SetThreadContext (writing another process's thread context is the usual marker of process hollowing)
Target: Installer/browser.dll (score 1/10)

- Size: 132KB
- MD5: bc111aadacd0bf59d56547461d13ab6e
- SHA1: b9a5440bfacc2584668b20056152c74420a5a4f8
- SHA256: 91e3619930c29ee4b2683683888ba7ee3cf6b1ddb0c19a14e0880470cbe40ef4
- SHA512: b72e65eac7007de85bc83700f34187d0d1dc1ffedae9257388ec1e3c6b1900d33d8483a703216ce940afc8eb63a9a2c3040f02ea3761035969ed5d12fd151bb8
Target: Installer/en-US/winload.efi.mui (score 1/10)

- Size: 29KB
- MD5: 1bf80c3bdbe730461d4087438f1f23a0
- SHA1: 9d445039e300356e34bcfd6feb48f709c0ac59b3
- SHA256: 648317f6c727a8471c777caba6571a7ea9ff7e943955ef402164cd3e858e5c7d
- SHA512: abe3c746204427a99b46bfcd4ba4ca6bd3979480597defb9e51b68d977ba3ee340b19b710ec9d855dcd0b3294d51945d36096f2f4f3630f150106cdea74d0647
Target: Installer/en-US/winload.exe.mui (score 1/10)

- Size: 29KB
- MD5: a2cf47e63d0707e50b009e3a8aaba3c6
- SHA1: 5087a624d3bd8819f97cd5213a216e9da5c1cce7
- SHA256: 2927e06045c0e7a87efd7d6060b758918a8b84a5a6022c717c6eb614ba0411df
- SHA512: de1b0e6aa5e509fbbdbd6e8e415745cb6d6f302452e5c05f5ef7ab35e3f7cbaf10efd8dc2f127c74b7945db6277d56d6dcc85bd44699df4e8b6425c81bac3eec
Target: Installer/en-US/winresume.efi.mui (score 1/10)

- Size: 19KB
- MD5: ae27112d53e91476a680349e970561c8
- SHA1: f8c555f98f036fc23633cf0fb07b194c77b62f59
- SHA256: 87757a7473668a6b09291db9837ccfaa98312b753c0aa321e285a47e1127df4a
- SHA512: 925b5b5a224dfed3549211b145cc375e9ffc8c5fe0d5f60cdd039f762609ec7a6193dbbf3655fde7555c10edc3609b6ad572de7d02e6cc2896947965e85d5fa2
Target: Installer/en-US/winresume.exe.mui (score 1/10)

- Size: 19KB
- MD5: 658565934325ef437374bfad47189865
- SHA1: cd1e618b5a43782648f5ad5d24531ab98e790d40
- SHA256: 9f16b796395c3b20bbe10743b0e8195378dacb3e29f881f30ac220bf6a670b60
- SHA512: 79d3c42c848403ceeb162d0e00ee7ec75e5bc19addc606519a616dac4d11e366d09091414df153f637e20e5b4ac30368baebff9f0fb1dfcd00aa0b3fb7ee9ab3
Target: Installer/ssleay32.dll (score 1/10)

- Size: 481KB
- MD5: c22b00e2c376789f4e124f427a130421
- SHA1: 12866bca9b5c43a0f7f2ca03b2bd6ba3c6bacf00
- SHA256: e3f2799537c1de13df20734426c1c3fd0f4b3f8e63019ca9cc2f1ec9b0af1fb1
- SHA512: 68bdcd406f81c9e35453322004c41fc6f542506e3151fb483008824e523f83c24272feea715a736bbdccbb2b2da077b3b1b7a7f9a012df296e412e88d665b548
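A matcher for the behavioural signatures the report raises against Installer/Installer.exe (drops startup file, executes dropped EXE, loads dropped DLL, downloads MZ/PE file, checks location settings, checks installed software, accesses wallets, suspicious SetThreadContext), as an added example that is not the sandbox's own rule code. The event trace is constructed and vendor-neutral (one dict per event with a `type` and `pid`); the registry keys and wallet paths the rules look for are assumptions chosen to be plausible, since the report names the behaviours but not the exact keys or files the sample touches.

```python
"""Match the report's behavioural signatures against a constructed event trace."""
import re

# Assumed patterns: the report describes the behaviour, not these exact locations.
UNINSTALL_KEY = re.compile(r"\\SOFTWARE\\(WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall\b", re.I)
GEO_KEY = re.compile(r"\\(Control Panel\\International\\Geo|CurrentControlSet\\Control\\Nls\\Locale)\b", re.I)
STARTUP_DIR = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)
WALLET_PATH = re.compile(r"wallet\.dat$|\\Exodus\\|\\Electrum\\", re.I)


def match_signatures(events):
    """Return the set of report signature names triggered by an event trace.

    'Executes dropped EXE' and 'Loads dropped DLL' are stateful: they fire only
    for images that an earlier FileCreate in the same trace wrote to disk, so a
    process loading a pre-existing system DLL does not trigger them.
    """
    hits = set()
    dropped = set()  # lower-cased paths written during the trace
    for e in events:
        kind = e["type"]
        if kind == "FileCreate":
            dropped.add(e["path"].lower())
            if STARTUP_DIR.search(e["path"]):
                hits.add("Drops startup file")
        elif kind == "ProcessCreate":
            if e["image"].lower() in dropped:
                hits.add("Executes dropped EXE")
        elif kind == "ImageLoad":
            image = e["image"].lower()
            if image in dropped and image.endswith(".dll"):
                hits.add("Loads dropped DLL")
        elif kind == "NetRecv":
            if e.get("data", b"")[:2] == b"MZ":
                hits.add("Downloads MZ/PE file")
        elif kind == "RegQueryValue":
            if UNINSTALL_KEY.search(e["key"]):
                hits.add("Checks installed software on the system")
            if GEO_KEY.search(e["key"]):
                hits.add("Checks computer location settings")
        elif kind == "FileRead":
            if WALLET_PATH.search(e["path"]):
                hits.add("Accesses cryptocurrency files/wallets, possible credential harvesting")
        elif kind == "SetThreadContext":
            # A thread-context write into another process is the hollowing tell;
            # a process adjusting its own threads is routine and not flagged.
            if e.get("target_pid") != e["pid"]:
                hits.add("Suspicious use of SetThreadContext")
    return hits


# Constructed trace (not a real capture); paths and keys are illustrative assumptions.
SAMPLE_TRACE = [
    {"type": "FileCreate", "pid": 4012, "path": r"C:\Users\user\AppData\Roaming\svc\browser.dll"},
    {"type": "FileCreate", "pid": 4012,
     "path": r"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\upd.exe"},
    {"type": "NetRecv", "pid": 4012, "data": b"MZ\x90\x00\x03\x00"},
    {"type": "ProcessCreate", "pid": 4120, "parent_pid": 4012,
     "image": r"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\upd.exe"},
    {"type": "ImageLoad", "pid": 4120, "image": r"C:\Users\user\AppData\Roaming\svc\BROWSER.DLL"},
    {"type": "RegQueryValue", "pid": 4120, "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "RegQueryValue", "pid": 4120,
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{guid}\DisplayName"},
    {"type": "FileRead", "pid": 4120, "path": r"C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\seed.seco"},
    {"type": "SetThreadContext", "pid": 4120, "target_pid": 4200},
]

if __name__ == "__main__":
    for name in sorted(match_signatures(SAMPLE_TRACE)):
        print(name)
```

The stateful rules are the ones worth keeping when porting this to a real EDR: a dropped-then-executed image and a cross-process SetThreadContext are far stronger together than any single registry read, which benign installers also perform.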