Overview
overview
10Static
static
5Accessible.tlb
windows7-x64
3Accessible.tlb
windows10-2004-x64
3Cracker.dll
windows7-x64
1Cracker.dll
windows10-2004-x64
1Data/Language.pimx
windows7-x64
3Data/Language.pimx
windows10-2004-x64
3Data/Main.ini
windows7-x64
1Data/Main.ini
windows10-2004-x64
1Data/Packa...in.xml
windows7-x64
1Data/Packa...in.xml
windows10-2004-x64
1Data/Packa...ce.zip
windows7-x64
1Data/Packa...ce.zip
windows10-2004-x64
1Data/Packa...ls.xml
windows7-x64
1Data/Packa...ls.xml
windows10-2004-x64
Debug/DebugPPF.tmp
windows7-x64
3Debug/DebugPPF.tmp
windows10-2004-x64
3Debug/DebugPPT.tmp
windows7-x64
3Debug/DebugPPT.tmp
windows10-2004-x64
3Debug/Management.log
windows7-x64
1Debug/Management.log
windows10-2004-x64
1Microsoft ...ed.exe
windows7-x64
10Microsoft ...ed.exe
windows10-2004-x64
7Resource.dll
windows7-x64
Resource.dll
windows10-2004-x64
1libGLESv2.dll
windows7-x64
1libGLESv2.dll
windows10-2004-x64
1update-settings.ini
windows7-x64
1update-settings.ini
windows10-2004-x64
1updater.ini
windows7-x64
1updater.ini
windows10-2004-x64
1General
-
Target
Microsoft_Office_Professional_Plus.rar
-
Size
12.6MB
-
Sample
221124-zq7yxscf4s
-
MD5
11a661cc8bd502e55b68a473fee66229
-
SHA1
c0b7ac854b68d770392a808f9c4f317a8e464780
-
SHA256
be11a0524365455c9b82b76f4d8942ad3b2d2fc3e6807aa683042005183cadb4
-
SHA512
db2e7f40c4e8c55e569fade2ae2bf858cbc0b1dcca4423387cb6de2d02fc00962d08e539c469b287e07d4aaf4e3f96c708c785df36fbb5f1ee96b9df2320ab64
-
SSDEEP
393216:JjiPBt0xXLy2WvOXhzHImKUpvRYFSvooQZ9SudA:JsBtYyfWmmvpv+FSvfy9m
Static task
static1
Behavioral task
behavioral1
Sample
Accessible.tlb
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
Accessible.tlb
Resource
win10v2004-20221111-en
Behavioral task
behavioral3
Sample
Cracker.dll
Resource
win7-20220901-en
Behavioral task
behavioral4
Sample
Cracker.dll
Resource
win10v2004-20220812-en
Behavioral task
behavioral5
Sample
Data/Language.pimx
Resource
win7-20221111-en
Behavioral task
behavioral6
Sample
Data/Language.pimx
Resource
win10v2004-20220812-en
Behavioral task
behavioral7
Sample
Data/Main.ini
Resource
win7-20220812-en
Behavioral task
behavioral8
Sample
Data/Main.ini
Resource
win10v2004-20220812-en
Behavioral task
behavioral9
Sample
Data/Packaged/Main.xml
Resource
win7-20220812-en
Behavioral task
behavioral10
Sample
Data/Packaged/Main.xml
Resource
win10v2004-20220812-en
Behavioral task
behavioral11
Sample
Data/Packaged/Resource.zip
Resource
win7-20220812-en
Behavioral task
behavioral12
Sample
Data/Packaged/Resource.zip
Resource
win10v2004-20220812-en
Behavioral task
behavioral13
Sample
Data/Packaged/Utils.xml
Resource
win7-20220812-en
Behavioral task
behavioral14
Sample
Data/Packaged/Utils.xml
Resource
win10v2004-20221111-en
Behavioral task
behavioral15
Sample
Debug/DebugPPF.tmp
Resource
win7-20221111-en
Behavioral task
behavioral16
Sample
Debug/DebugPPF.tmp
Resource
win10v2004-20220812-en
Behavioral task
behavioral17
Sample
Debug/DebugPPT.tmp
Resource
win7-20220901-en
Behavioral task
behavioral18
Sample
Debug/DebugPPT.tmp
Resource
win10v2004-20220812-en
Behavioral task
behavioral19
Sample
Debug/Management.log
Resource
win7-20221111-en
Behavioral task
behavioral20
Sample
Debug/Management.log
Resource
win10v2004-20221111-en
Behavioral task
behavioral21
Sample
Microsoft Office Pro Cracked.exe
Resource
win7-20221111-en
Behavioral task
behavioral22
Sample
Microsoft Office Pro Cracked.exe
Resource
win10v2004-20220901-en
Behavioral task
behavioral23
Sample
Resource.dll
Resource
win7-20221111-en
Behavioral task
behavioral24
Sample
Resource.dll
Resource
win10v2004-20221111-en
Behavioral task
behavioral25
Sample
libGLESv2.dll
Resource
win7-20221111-en
Behavioral task
behavioral26
Sample
libGLESv2.dll
Resource
win10v2004-20220812-en
Behavioral task
behavioral27
Sample
update-settings.ini
Resource
win7-20221111-en
Behavioral task
behavioral28
Sample
update-settings.ini
Resource
win10v2004-20220812-en
Behavioral task
behavioral29
Sample
updater.ini
Resource
win7-20220812-en
Behavioral task
behavioral30
Sample
updater.ini
Resource
win10v2004-20220812-en
Malware Config
Extracted
redline
5657451827_99
durstop.xyz:3306
durstop.xyz:28786
-
auth_value
5662e72801bbee1788898414b4a5820b
Targets
-
-
Target
Accessible.tlb
-
Size
2KB
-
MD5
aa50295fb0d54e2fe77ce5de151e4f2d
-
SHA1
ece456a4fa4bf5fce40dd12bb2141468cf42e164
-
SHA256
224650096aa29b8a3c653a25384e56bbdc108326dc1849bbfdc70562f183e8b7
-
SHA512
6b2bcdd3279d9b1c30ab260d37ed78ee2ef99dd747b31f5ce7fd862e38c0501c4a3f16de399b558656a1702ff4379eaae2cdf49e14f46a96ce3dbda479122f1b
Score3/10 -
-
-
Target
Cracker.dll
-
Size
56KB
-
MD5
404aacc737a9d30147d30cee6be0abba
-
SHA1
5f49b9197d73b53eb3473c80a6f25dc068421baf
-
SHA256
3eec59d6aa2a45e368b99d09bcedf228290656a88de8a09ccc91867ab71f228c
-
SHA512
eb3716304571727d3134da4da46c5c91276afa20f5da26f2b89cc0cdc19f98592322b5e85fdc6a36e51636298ffac456a9057ed7d10c17e4955c4307cb933f20
-
SSDEEP
384:poaSsZTSyPG0TLMU9mCzkcu/b49Pji7iJI5TZCP56vS1a+dYUFv8WTa:W1yR8U9mCzkcu/8V2iP56v/+G0a
Score1/10 -
-
-
Target
Data/Language.pimx
-
Size
22KB
-
MD5
01fbf905f95578b7c2eb370d5bd867b6
-
SHA1
6688f78f5afba9bbabca1a398371c063f67447c2
-
SHA256
a17506a018994501e0cf6847ceee97f7cd9ffcffc48b256d180175256ff5c0f7
-
SHA512
321c7c325dd886f7a154e7aed21b5e8789cd3ec28a0dd87ade8702524857fb2ff271fca16833f2d393ce9ca45cb6b0b87470357ace1bf49d65e7e0efdf423aa5
-
SSDEEP
384:ntMbm75pVUbnVhU9PFfRYzF66ZfxjUyy9FeQ3Np:ntMIInrU9PBRR6ZfxOX
Score3/10 -
-
-
Target
Data/Main.ini
-
Size
24KB
-
MD5
5bf4353d089309e57865ba86d4199004
-
SHA1
e2871968fc1aa99c821209f817a94b05b7b7a7f3
-
SHA256
96088d93be0c39001e87b5647bc8ffdef684a90fa02f0f91d430248f7c3415e2
-
SHA512
c8489b85c75cacc54535538736d75ab2a2fd60d29b764906fe7acbc26d9887515f5c316b9e2543b9511ffc348fcd88f5e01e4f1baaf9c5ecfb8a95061e12c4ed
-
SSDEEP
384:az91NaxrAlW10wt+CJgSz8/YK3uOvxtNhymeIbi2OrFc:az91NaxOCJgkRK3zvxtNN
Score1/10 -
-
-
Target
Data/Packaged/Main.ini
-
Size
1KB
-
MD5
7b53ebd64e5781e02eaefb6739a6b556
-
SHA1
d5332b200cf5dcea0419afdb66a15d89b9eb619f
-
SHA256
b975c9251ef7394dcc69f49e54dc5aa5e8df32f9b5e8c687484ddd840eb94d20
-
SHA512
c4a25c07e19760547e91818ba6e9ec3fe89206c29429668731c7563b7407cb56d8c0adca519bf96dc82a1631e82cfe63b68439cad4102ea2a1df438bac8400fd
Score1/10 -
-
-
Target
Data/Packaged/Resource.dll
-
Size
189B
-
MD5
4427aeee68321d0f4d7befa74e669f83
-
SHA1
4670003762a1c217c9e8ea48fcc53f2871a7c341
-
SHA256
a9661f89b8d957f4e71cbe1ba0342a39e5b50a1d80d974e2e1b349a273967f1b
-
SHA512
9d9156aa8fdebf19363fed2edb82235642c8c20549369470e44fdc0db41324e2160968fd7dd43eecce1ce3da9c03dd05cdefc8d903a9d0394f5ca9a73f5c5fa3
Score1/10 -
-
-
Target
Data/Packaged/Utils.dll
-
Size
1KB
-
MD5
73e051427246dd4ca45935b1a4bd7e2d
-
SHA1
7216f05041252f1c3a9d84aacdf84ef62f1a1045
-
SHA256
b7b8b412ab1e4f32da8a7cd42aeaa6e7d8d340cf14977d3e87f7d8f5eb689b0f
-
SHA512
3fc10dea91962244389214d189c141466f5630e99b01af5761738ce884df14050cd08a43802dc45bbe9117290c34143b85a75694b6301954b51972180dca1e36
Score7/10-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
-
-
Target
Debug/DebugPPF.tmp
-
Size
11KB
-
MD5
b1e68fabd5c19aaa21de6351554aae2e
-
SHA1
66e7cf5d041a6ed9252ee4f6104ec0abb57d60b8
-
SHA256
63909409d9c79950289701c4a58605ea7fcd30703163fce0b4ac81204f0b3cca
-
SHA512
6e080f64d583e29a503282022ba587eb88903e2cf2bf943f9f9849fedf7f25dbfdeb02fae2803f03acf18b7a2bb37be1a1834e3b5ef7ef9098cfb0ee80a410dd
-
SSDEEP
192:fXBY6p0nsAXXOZfZz2zgJNGayrKy8pJErK7EuKr3eEohK11pS:PcnFneZz2zE/+rK7EuJ6S
Score3/10 -
-
-
Target
Debug/DebugPPT.tmp
-
Size
11KB
-
MD5
4969578a5fd8d113ab7783812849c1ed
-
SHA1
580f84362a74337b2ed25bd58700e9a002e51bc9
-
SHA256
9f2b02ba814c2975a7b6ed5aa03345046a9c9d3036481a8a109b132a951e82a0
-
SHA512
49dc150be750ff0a5b03fbe384debcc136d6dad513fa1c6284469de8e8aed1b865b2bd8271937030818094bcc5358dde6e146e3c784dd88fa9681a84c7a557ef
-
SSDEEP
192:W7F8knwe/KZztz2XFuUpcWOEai+S7UeAJo9pDWhuDyG/WE8cHtENQmfsB:WNn1y1p2XMUpcWb+qUerShuDl+8HerfQ
Score3/10 -
-
-
Target
Debug/Management.log
-
Size
8KB
-
MD5
ff765d6581fe6568aaae19de239b2e7a
-
SHA1
78b09b0ce2e59ce87f65251ea903842c1c77046a
-
SHA256
4dd051de9b04902fc59d411b1c27c42007cacca4ea52e88d71c897cad1d990cc
-
SHA512
8fa7c766fc1ac48408d964eb9844f9c4a2fb3e33357e736230024788ec71cb3c338397e16f8e556bbcaafd83c58f3af6a55ceaa9daff290b0e687093e5c97a2e
-
SSDEEP
192:+jfkNaok8wITITp8dNOgNH34lxeDKOgWNh0ctcoAd8dq5XrOGB3Wr:UkNaz8wWWp8dMA34lbLsq5Xqq3a
Score1/10 -
-
-
Target
Microsoft Office Pro Cracked.exe
-
Size
715.0MB
-
MD5
c0bbac15a3dee9add93bfd35198e3065
-
SHA1
18690de17472063d8049c6ac6e5041f23cac929a
-
SHA256
6d297439246034dfe3232ff21dc9d82556a09ac9c8c72deb962dab36c9c064d6
-
SHA512
a92c8f104b2683866f94c325bcd8f36b5c988e65154315db3146d440dafd061c3d3d6a995f7856894ebd79772cfefb8b577a6fc3aea559f9dff619ad67ed8f56
-
SSDEEP
24576:WAHnh+eWsN3HqQaeUm2roHom2KXMmHap5i2bHT:xh+8VaqoPK8YaT
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
-
-
Target
Resource.dll
-
Size
10.7MB
-
MD5
641dadbb3f03938da99bf7c6c4cc482f
-
SHA1
b21bdb69a17642ade8e62fcbd779ff1bc89ea809
-
SHA256
883aefb081a1f9ef974ceb16e12c215e92fee13531c052279404bd11b2f8e479
-
SHA512
7aea5f0db9b261a17801124d6eef0df2d3ada4a6f624c8f4f2ee519a61171a3f06de9032493e3309a1a982fd1218613dde73a942942df2a8ec367e7f66a531f5
-
SSDEEP
196608:8B4DNtjVoWhIdAXplnpnh4uIKZ2K245peMKU3lRM9RVIO+QvSNG2uM+XGE4:04vWGIun1GKZ/2aZKU3lRvO+QvQgGP
Score1/10 -
-
-
Target
libGLESv2.dll
-
Size
5.8MB
-
MD5
fa36a0ac7e17ed74f89ab26e87bca822
-
SHA1
494e1dba754233be49507800046cd464b7a95df0
-
SHA256
9288b00918210aba7bfb178aad65cb8b78f3704d346b3b9c3c28782aaa5b22cb
-
SHA512
657ef09896e6f23b995a80829799418cff93ff279899f5c443b01d05b391f3b30ae87a24e6830e3c1baa0dc45ac31df0f827d9757508cf52c840760109aae5ca
-
SSDEEP
49152:/pQCuPTkVllbkLWjnUsPgb07Qk4kX5RK6M4LQJ1jBpWs8JB0hXGDew3fGwuIiJ/D:xQCSwAsgXjpWs8ZJBl/
Score1/10 -
-
-
Target
update-settings.ini
-
Size
138B
-
MD5
63172eb097d40b7f5672b9e9287f1717
-
SHA1
ea31a5931bd7264bdf459092c5e3e5fd9a444a23
-
SHA256
f4398a21462e1725bc37f51b26b91ff844adea6ceb16e78bf01736d7343ea98a
-
SHA512
8f52d86f742f816c8993ee398e2543749264661b0410c637929e6f1cb79bd7e8a2aaa1da4dc682e8746e3b98b128cb74e084f7d5d7a4ad4cbc21ec29b10f190f
Score1/10 -
-
-
Target
updater.ini
-
Size
1KB
-
MD5
c5d86abaf2caf3c56ef01756a92520ef
-
SHA1
b8f0744b6ce5754edae35f855b20b6103b39c40b
-
SHA256
a08be023d13355644caa6cda5db56d1835be480b360815499957c306602b61d1
-
SHA512
a0a33caf1bf9d775aec7404bba4ce15f2fbe01aef61851b2d985c68e8b6277d462ab633cd7d16f5f75fdb66c36e7bb02af19a68048c3d9423a8ef4fd5fde91b3
Score1/10 -