Overview

Task scores (10 = malicious). Sample paths are truncated as on the original page; full paths are in the task list below.

Task          Sample                 Platform             Score
overview      -                      -                    10
static1       -                      -                    -
behavioral1   Installer/...gn.dll    windows7-x64         1
behavioral2   Installer/...gn.dll    windows10-2004-x64   1
behavioral3   Installer/...ts.dll    windows7-x64         1
behavioral4   Installer/...ts.dll    windows10-2004-x64   1
behavioral5   Installer/...rk.dll    windows7-x64         1
behavioral6   Installer/...rk.dll    windows10-2004-x64   1
behavioral7   Installer/...er.exe    windows7-x64         10
behavioral8   Installer/...er.exe    windows10-2004-x64   10
behavioral9   Installer/...64.dll    windows7-x64         1
behavioral10  Installer/...64.dll    windows10-2004-x64   1
behavioral11  Installer/...64.dll    windows7-x64         1
behavioral12  Installer/...64.dll    windows10-2004-x64   1
behavioral13  Installer/...00.dll    windows7-x64         1
behavioral14  Installer/...00.dll    windows10-2004-x64   1

General
  Target: 7c4ff969fb0183723309c48a0aa7ec44.zip
  Size:   6.1MB
  Sample: 221007-htk5wsbgg6
  MD5:    b1e65e1fb6a6153072639c901ed42377
  SHA1:   1e48f36affb48bbe91bcd972bbca1af731da620e
  SHA256: 9acd89082a4b034f8a663eaca62eab61d4c56121514a15b82da1c7bf8986d609
  SHA512: 4133c28c4df60be2ce6f24c236d2565fe7bacff036521497298ebf087658d91460418e280ce7aa416b652182a09430446a5ab48ba3c67602c65e2ba51390a547
  SSDEEP: 196608:0upNAFTE/AcanCC0qCvlvOGrMgFm6kPvOW:ZGE/AyC0qCvgUMqm6jW
Tasks

Task          Sample                                     Resource (sandbox image)
static1       -                                          -
behavioral1   Installer/Data/MetroFramework.Design.dll   win7-20220812-en
behavioral2   Installer/Data/MetroFramework.Design.dll   win10v2004-20220901-en
behavioral3   Installer/Data/MetroFramework.Fonts.dll    win7-20220812-en
behavioral4   Installer/Data/MetroFramework.Fonts.dll    win10v2004-20220812-en
behavioral5   Installer/Data/MetroFramework.dll          win7-20220812-en
behavioral6   Installer/Data/MetroFramework.dll          win10v2004-20220901-en
behavioral7   Installer/Installer.exe                    win7-20220812-en
behavioral8   Installer/Installer.exe                    win10v2004-20220812-en
behavioral9   Installer/libcrypto-1_1-x64.dll            win7-20220812-en
behavioral10  Installer/libcrypto-1_1-x64.dll            win10v2004-20220901-en
behavioral11  Installer/libssl-1_1-x64.dll               win7-20220812-en
behavioral12  Installer/libssl-1_1-x64.dll               win10v2004-20220812-en
behavioral13  Installer/msvcr100.dll                     win7-20220901-en
behavioral14  Installer/msvcr100.dll                     win10v2004-20220812-en
Malware Config

  Extracted family: redline
  Botnet:           @ukradun
  C2:               149.57.171.97:80
  auth_value:       feae1571619f90476277cbfc8ed460d1
Targets

Target: Installer/Data/MetroFramework.Design.dll
  Size:   83KB
  MD5:    b01c771384d246cdd791b807e13404d3
  SHA1:   760a737af97665def7ae351b3dc9d2fa0c0df044
  SHA256: 0e6c2f12130ffe9a8653f8f27d840346ef2e3d3f3aeb9fed989d7cd7715aeab8
  SHA512: 2d763d29ceaf0814643deda5620aa56368b44f7ccf74e569580f7fbdb4d8ec732aac9b8770572ff7e2cb4d819ee2e6a82b4b68e6e8530a98c29f7ad69ccce8fb
  SSDEEP: 1536:Y3qPWvVCMgfw2eeWqjOebgk0jIpePxd76LGYU8j6ecbolG8EB4h88ii0:Y66dsFeeBGPj1L6LGY+ecboC/8ip
  Score:  1/10 (no signatures)
Target: Installer/Data/MetroFramework.Fonts.dll
  Size:   809KB
  MD5:    74a1d254d09ba017ef6334619db4b221
  SHA1:   33531e1bad24af6b7d800e2dcf4f3458973c39e0
  SHA256: 973fac358ca947d71477282a219aaa0ad06a5001b4ef6f354c552ef3087761a8
  SHA512: d457d6eee7ad95c3bbe80ee561c50a4b88617f1f0b29fc8dd3b72c3510b9d564161151bb76ef0b44eaa857c6569b054360f8e2ecf42aa6ddc11178f515ada3e6
  SSDEEP: 12288:BgzGPEett9Mw9HfBCddjMb2NQVmTW752fmyyKWeHQGokozS:mzJetPMw9HfBCrMb2Kc6ymyyKWewGzUS
  Score:  1/10 (no signatures)
  Note: same size and near-identical SSDEEP (only the leading chunk of each part differs) as Installer/msvcr100.dll listed below, so the two files are byte-level near-duplicates despite different cryptographic hashes; the name MetroFramework.Fonts.dll does not describe what the file is.
Target: Installer/Data/MetroFramework.dll
  Size:   8.1MB
  MD5:    0483e0deab759f0ae3864aa41d421788
  SHA1:   85ef02c77244b57d436b2c28024024651bc0bf57
  SHA256: 02653aee78a3a06523ac4c3337b53e066b71e55f71cfe6688184fad09b5dea8d
  SHA512: 7eea926f0f39a185a5ef520d827b1eab05c820bb3f2fcd34dd8dfe6c2d3a7dbc49c3282819f2d8f35455d7f576506a3e93e0973ba8ee96293fc2f6348610f333
  SSDEEP: 98304:b+qqx0DWuG4WD9WepLSkj3TDuI2pTNwOLVDoP1wLHjMKQJ/O5xjn2ysq1:iqqtuGXWepLSkj3H92TwGV09KRd
  Score:  1/10 (no signatures)
Target: Installer/Installer.exe
  Size:   750.0MB
  MD5:    0f1d91613d37d98c8fdbda00c07bd592
  SHA1:   2a90812531a06bf5fb1f4cb01a9ad627bcb66402
  SHA256: 5cdba4ef24defafa706d9a5c4f8edfc485ad20999d4b3b29027f63e5a84683fa
  SHA512: d3ef545412726b158d5ab476fae8504a9ad333c9d4b1d3f6029dbb221db27a0e56244977abbe071cff8a6bda2530997ca8737909e107c4f91e94584446bf8318
  SSDEEP: 12288:olTSSulF59dauFnJZdLxnOyRm4XBpIEVe:mulRdaUZhrhe
  Note: a 750.0MB file with an SSDEEP block size of 12288 is internally inconsistent for a normal binary. ssdeep starts from a block size of roughly size/64 (about 12MB here) and only halves it, repeatedly, when the content yields too few hash triggers, which is what long runs of identical bytes produce. The block size therefore says the file is overwhelmingly padding, with on the order of 1MB of real content; inflating an executable this way is a common trick to push it past scanner and sandbox upload limits. Expect the hashes above to be of little use for matching other copies of the same loader, since the padding can be regenerated per build.
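The size-versus-block-size check above can be done mechanically rather than by eye. The following is an added example, not part of the sandbox report or of the tooling behind it: it reproduces ssdeep's block-size selection rule and applies it to the sizes and SSDEEP values listed on this page for all seven files. The size strings are parsed as the report prints them (KB/MB taken as powers of 1024, an assumption that does not change the result), and the cut-off ratio of 8 for calling a file inflated is also an assumption.

```python
"""Added example, not part of the sandbox report: reproduce ssdeep's block-size
selection and use it to spot an inflated (padded) file from the size and
SSDEEP values the report lists. ssdeep starts at the smallest block size
3 * 2**k with block_size * 64 >= length, then halves it while the signature
comes out shorter than 32 characters. One halving is routine for a file just
above a size boundary; ten in a row (a ratio of 1024) only happens when the
content is dominated by repeated bytes such as zero padding."""

SPAMSUM_LENGTH = 64  # maximum ssdeep signature length
MIN_BLOCKSIZE = 3

# (name, size as printed, SSDEEP as printed), copied from the report.
REPORTED = [
    ("Installer/Data/MetroFramework.Design.dll", "83KB",
     "1536:Y3qPWvVCMgfw2eeWqjOebgk0jIpePxd76LGYU8j6ecbolG8EB4h88ii0:Y66dsFeeBGPj1L6LGY+ecboC/8ip"),
    ("Installer/Data/MetroFramework.Fonts.dll", "809KB",
     "12288:BgzGPEett9Mw9HfBCddjMb2NQVmTW752fmyyKWeHQGokozS:mzJetPMw9HfBCrMb2Kc6ymyyKWewGzUS"),
    ("Installer/Data/MetroFramework.dll", "8.1MB",
     "98304:b+qqx0DWuG4WD9WepLSkj3TDuI2pTNwOLVDoP1wLHjMKQJ/O5xjn2ysq1:iqqtuGXWepLSkj3H92TwGV09KRd"),
    ("Installer/Installer.exe", "750.0MB",
     "12288:olTSSulF59dauFnJZdLxnOyRm4XBpIEVe:mulRdaUZhrhe"),
    ("Installer/libcrypto-1_1-x64.dll", "3.3MB",
     "49152:MtVwASOEBIU6ibmGtlqjPOh5PLTMIPar9XIL8wGbAbpgdnraqK36+mNPAiV8nXxb:D2+Irty7qI6NuiV811CPwDv3uFfJs"),
    ("Installer/libssl-1_1-x64.dll", "666KB",
     "12288:Af8OGe+anMhN65AwhYB455izxq3koTBNF/Q77WkFUQste0QoU2lvz:a+F65AwtTzF/Q7ZyzFQoU2lvz"),
    ("Installer/msvcr100.dll", "809KB",
     "12288:3gzGPEett9Mw9HfBCddjMb2NQVmTW752fmyyKWeHQGokozS:QzJetPMw9HfBCrMb2Kc6ymyyKWewGzUS"),
]


def parse_size(text):
    """'750.0MB' -> bytes. KB/MB are taken as powers of 1024 (assumption; the
    verdicts below are identical with decimal units)."""
    units = {"KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}
    for suffix, mult in units.items():
        if text.upper().endswith(suffix):
            return int(float(text[:-len(suffix)]) * mult)
    return int(text)


def initial_block_size(length):
    """Block size ssdeep starts from for an input of `length` bytes."""
    bs = MIN_BLOCKSIZE
    while bs * SPAMSUM_LENGTH < length:
        bs *= 2
    return bs


def observed_block_size(ssdeep_sig):
    """The leading field of a 'blocksize:chunk:double' signature."""
    return int(ssdeep_sig.split(":", 1)[0])


def inflation_ratio(size_text, ssdeep_sig):
    """initial / observed block size: 1 or 2 for an ordinary file, a large
    power of two when most of the length is padding."""
    return initial_block_size(parse_size(size_text)) // observed_block_size(ssdeep_sig)


def inflation_report(entries=REPORTED):
    return {name: inflation_ratio(size, sig) for name, size, sig in entries}


def flag_inflated(entries=REPORTED, threshold=8):
    """Names whose ratio reaches the threshold (8 is an assumed cut-off)."""
    return [name for name, ratio in inflation_report(entries).items()
            if ratio >= threshold]


if __name__ == "__main__":
    for name, ratio in inflation_report().items():
        print(f"{ratio:>5}x  {name}")
    print("inflated:", flag_inflated())
```

Run as a script it prints one ratio per file; every DLL comes out at 1 or 2, Installer.exe at 1024, so the size column rather than the hash is what flags the padding.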
  Signatures:
  - Detect PureCrypter loader
  - PureCrypter: a loader intended to download and execute additional payloads.
  - RedLine: RedLine Stealer is a malware family written in C#, first seen in early 2020.
  - RedLine payload
  - Executes dropped EXE
  - Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
  - Adds Run key to start application
  - Suspicious use of SetThreadContext
  Reading the chain: the loader drops and runs an executable, reads the configured country code before committing (a geofence that a sandbox with a default locale may not trip), persists through a Run key, and the SetThreadContext call is the usual tell for writing a payload into a suspended process and redirecting its main thread (process hollowing), consistent with a crypter handing off to the RedLine payload whose config was extracted above.
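The signature list above is a sequence, and a detection that only matches the individual calls will also fire on installers that legitimately register an updater. The following is an added example, not code from the sandbox report nor from the PureCrypter or RedLine samples, that correlates a constructed API-call trace into the same signature names and separates the loader chain (a suspended child whose memory is rewritten, then SetThreadContext, then a connection to the extracted C2) from a benign Run-key write. The C2 address is copied from the Malware Config section; the registry value used for the geofence check, the event format, and all paths and pids in the traces are assumptions.

```python
"""Added example, not part of the sandbox report: correlate a process trace
against the signature chain listed for Installer/Installer.exe (registry
geofence lookup, Run-key persistence, SetThreadContext on a suspended child,
connect to the extracted RedLine C2). Both traces are constructed; only the
C2 address is copied from the report."""
from dataclasses import dataclass

# Copied from the report's extracted RedLine config.
REDLINE_C2 = ("149.57.171.97", 80)

# Assumption: the "Checks computer location settings" signature refers to this
# value, which holds the country code configured in Windows Region settings.
GEO_NATION_VALUE = r"HKCU\Control Panel\International\Geo\Nation"
RUN_KEY_SUFFIXES = (r"\Microsoft\Windows\CurrentVersion\Run",
                    r"\Microsoft\Windows\CurrentVersion\RunOnce")
CREATE_SUSPENDED = 0x00000004  # CreateProcess dwCreationFlags bit


@dataclass
class Event:
    pid: int    # process making the call
    api: str    # API name as a sandbox trace would record it
    args: dict  # decoded arguments relevant to the checks below


def correlate(events):
    """Return (signature, detail) pairs in the order they fire."""
    hits = []
    suspended = set()  # child pids created with CREATE_SUSPENDED
    injected = set()   # suspended children whose image was unmapped/rewritten
    run_suffixes = tuple(s.lower() for s in RUN_KEY_SUFFIXES)
    for ev in events:
        a = ev.args
        path = a.get("path", "").lower()
        if ev.api == "CreateProcess" and a.get("flags", 0) & CREATE_SUSPENDED:
            suspended.add(a["child_pid"])
        elif (ev.api in ("NtUnmapViewOfSection", "WriteProcessMemory")
              and a.get("target_pid") in suspended):
            injected.add(a["target_pid"])
        elif ev.api == "SetThreadContext" and a.get("target_pid") in injected:
            # Suspended child + rewritten memory + new thread context: hollowing.
            hits.append(("Suspicious use of SetThreadContext",
                         f"pid {ev.pid} redirected thread {a.get('tid')} "
                         f"in hollowed pid {a['target_pid']}"))
        elif ev.api == "RegQueryValueEx" and path == GEO_NATION_VALUE.lower():
            hits.append(("Checks computer location settings", a["path"]))
        elif ev.api == "RegSetValueEx" and path.endswith(run_suffixes):
            hits.append(("Adds Run key to start application",
                         f"{a['path']}\\{a.get('value')} = {a.get('data')}"))
        elif ev.api == "connect" and (a.get("ip"), a.get("port")) == REDLINE_C2:
            hits.append(("RedLine C2 connect",
                         f"pid {ev.pid} -> {a['ip']}:{a['port']}"))
    return hits


def is_loader_chain(hits):
    """The pairing that matters for triage: a hollowed process that then
    beacons to the configured C2. Persistence or geofencing alone is not it."""
    names = {name for name, _ in hits}
    return {"Suspicious use of SetThreadContext", "RedLine C2 connect"} <= names


# Constructed trace mirroring the report's signature list (not a real log;
# paths and pids are invented).
SAMPLE_TRACE = [
    Event(1000, "RegQueryValueEx", {"path": GEO_NATION_VALUE}),
    Event(1000, "RegSetValueEx", {
        "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
        "value": "Installer",
        "data": r"C:\Users\user\AppData\Roaming\Installer.exe"}),
    Event(1000, "CreateProcess", {"image": r"C:\Windows\System32\host.exe",
                                  "flags": CREATE_SUSPENDED, "child_pid": 1200}),
    Event(1000, "NtUnmapViewOfSection", {"target_pid": 1200}),
    Event(1000, "WriteProcessMemory", {"target_pid": 1200, "size": 0x2A000}),
    Event(1000, "SetThreadContext", {"target_pid": 1200, "tid": 1204}),
    Event(1000, "ResumeThread", {"target_pid": 1200, "tid": 1204}),
    Event(1200, "connect", {"ip": "149.57.171.97", "port": 80}),
]

# A legitimate installer registering an updater and touching a child thread it
# created normally: the Run-key signature fires, hollowing and C2 do not.
BENIGN_TRACE = [
    Event(2000, "RegSetValueEx", {
        "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
        "value": "Updater", "data": r"C:\Program Files\App\updater.exe"}),
    Event(2000, "CreateProcess", {"image": r"C:\Program Files\App\helper.exe",
                                  "flags": 0, "child_pid": 2100}),
    Event(2000, "SetThreadContext", {"target_pid": 2100, "tid": 2104}),
]

if __name__ == "__main__":
    for name, detail in correlate(SAMPLE_TRACE):
        print(f"[{name}] {detail}")
    print("loader chain:", is_loader_chain(correlate(SAMPLE_TRACE)))
```

The hollowing rule deliberately requires all three steps (suspended create, memory rewrite, SetThreadContext) on the same child; SetThreadContext on its own is used by debuggers and some legitimate runtimes, which is why the report labels it "suspicious" rather than malicious.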
Target: Installer/libcrypto-1_1-x64.dll
  Size:   3.3MB
  MD5:    609b389b5e76b15f5ea076e60ea194f6
  SHA1:   b1b6b617e6378247b0050a9651bdb309b0908a15
  SHA256: f0298a8c283b99631ae031796907d663e6be1c3a334b58ee7c61de0f03c92bb2
  SHA512: 62a1e2c69c9463f21518b317e3ce209eab3d18e59e776b3ae03d17435709b80202003ac142b4b662832b512b76439c9143dced9e6479cd11ab7c0c15dabb8d28
  SSDEEP: 49152:MtVwASOEBIU6ibmGtlqjPOh5PLTMIPar9XIL8wGbAbpgdnraqK36+mNPAiV8nXxb:D2+Irty7qI6NuiV811CPwDv3uFfJs
  Score:  1/10 (no signatures)
Target: Installer/libssl-1_1-x64.dll
  Size:   666KB
  MD5:    38e42cdb3526d27e10ef4d16dec3506d
  SHA1:   5b734cf5d357e17a4f0c9dd7cf306353d45b9524
  SHA256: dc123f19571a26e1fabc12d664ee2f351370a5e2c02f7312dcbaba74388687a1
  SHA512: 9f26637b534a1f5df26053ab99ad2e127b11734b31130bbb0a647e8c4eb2222436ecd8badb658891547f0ddfd3998df45c1a1b19dc98b2b0256ce3d25ac055cd
  SSDEEP: 12288:Af8OGe+anMhN65AwhYB455izxq3koTBNF/Q77WkFUQste0QoU2lvz:a+F65AwtTzF/Q7ZyzFQoU2lvz
  Score:  1/10 (no signatures)
Target: Installer/msvcr100.dll
  Size:   809KB
  MD5:    8c65f14bf5672e29cc51e43be13f5424
  SHA1:   f82d74accbcb8fae9825cba52a3a2b05f6070911
  SHA256: a8d8029f967828092680482a51c75e12f4db97926520fb40aaa540cf550567d1
  SHA512: 39ecfc6069204eec38ef806630036af710329811b02c5faaa709098df97965da6220f6daa5553f40560ef010ca9af476bbfdee2d8864bac68053af306451f3ff
  SSDEEP: 12288:3gzGPEett9Mw9HfBCddjMb2NQVmTW752fmyyKWeHQGokozS:QzJetPMw9HfBCrMb2Kc6ymyyKWewGzUS
  Score:  1/10 (no signatures)