General

  • Target

    Microsoft_Office_Professional_Plus.rar

  • Size

    12.6MB

  • Sample

    221124-zq7yxscf4s

  • MD5

    11a661cc8bd502e55b68a473fee66229

  • SHA1

    c0b7ac854b68d770392a808f9c4f317a8e464780

  • SHA256

    be11a0524365455c9b82b76f4d8942ad3b2d2fc3e6807aa683042005183cadb4

  • SHA512

    db2e7f40c4e8c55e569fade2ae2bf858cbc0b1dcca4423387cb6de2d02fc00962d08e539c469b287e07d4aaf4e3f96c708c785df36fbb5f1ee96b9df2320ab64

  • SSDEEP

    393216:JjiPBt0xXLy2WvOXhzHImKUpvRYFSvooQZ9SudA:JsBtYyfWmmvpv+FSvfy9m

Malware Config

Extracted

  • Family

    redline

  • Botnet

    5657451827_99

  • C2

    durstop.xyz:3306

    durstop.xyz:28786

  • Attributes

    • auth_value

      5662e72801bbee1788898414b4a5820b

Targets

    • Target

      Accessible.tlb

    • Size

      2KB

    • MD5

      aa50295fb0d54e2fe77ce5de151e4f2d

    • SHA1

      ece456a4fa4bf5fce40dd12bb2141468cf42e164

    • SHA256

      224650096aa29b8a3c653a25384e56bbdc108326dc1849bbfdc70562f183e8b7

    • SHA512

      6b2bcdd3279d9b1c30ab260d37ed78ee2ef99dd747b31f5ce7fd862e38c0501c4a3f16de399b558656a1702ff4379eaae2cdf49e14f46a96ce3dbda479122f1b

    Score
    3/10
    • Target

      Cracker.dll

    • Size

      56KB

    • MD5

      404aacc737a9d30147d30cee6be0abba

    • SHA1

      5f49b9197d73b53eb3473c80a6f25dc068421baf

    • SHA256

      3eec59d6aa2a45e368b99d09bcedf228290656a88de8a09ccc91867ab71f228c

    • SHA512

      eb3716304571727d3134da4da46c5c91276afa20f5da26f2b89cc0cdc19f98592322b5e85fdc6a36e51636298ffac456a9057ed7d10c17e4955c4307cb933f20

    • SSDEEP

      384:poaSsZTSyPG0TLMU9mCzkcu/b49Pji7iJI5TZCP56vS1a+dYUFv8WTa:W1yR8U9mCzkcu/8V2iP56v/+G0a

    Score
    1/10
    • Target

      Data/Language.pimx

    • Size

      22KB

    • MD5

      01fbf905f95578b7c2eb370d5bd867b6

    • SHA1

      6688f78f5afba9bbabca1a398371c063f67447c2

    • SHA256

      a17506a018994501e0cf6847ceee97f7cd9ffcffc48b256d180175256ff5c0f7

    • SHA512

      321c7c325dd886f7a154e7aed21b5e8789cd3ec28a0dd87ade8702524857fb2ff271fca16833f2d393ce9ca45cb6b0b87470357ace1bf49d65e7e0efdf423aa5

    • SSDEEP

      384:ntMbm75pVUbnVhU9PFfRYzF66ZfxjUyy9FeQ3Np:ntMIInrU9PBRR6ZfxOX

    Score
    3/10
    • Target

      Data/Main.ini

    • Size

      24KB

    • MD5

      5bf4353d089309e57865ba86d4199004

    • SHA1

      e2871968fc1aa99c821209f817a94b05b7b7a7f3

    • SHA256

      96088d93be0c39001e87b5647bc8ffdef684a90fa02f0f91d430248f7c3415e2

    • SHA512

      c8489b85c75cacc54535538736d75ab2a2fd60d29b764906fe7acbc26d9887515f5c316b9e2543b9511ffc348fcd88f5e01e4f1baaf9c5ecfb8a95061e12c4ed

    • SSDEEP

      384:az91NaxrAlW10wt+CJgSz8/YK3uOvxtNhymeIbi2OrFc:az91NaxOCJgkRK3zvxtNN

    Score
    1/10
    • Target

      Data/Packaged/Main.ini

    • Size

      1KB

    • MD5

      7b53ebd64e5781e02eaefb6739a6b556

    • SHA1

      d5332b200cf5dcea0419afdb66a15d89b9eb619f

    • SHA256

      b975c9251ef7394dcc69f49e54dc5aa5e8df32f9b5e8c687484ddd840eb94d20

    • SHA512

      c4a25c07e19760547e91818ba6e9ec3fe89206c29429668731c7563b7407cb56d8c0adca519bf96dc82a1631e82cfe63b68439cad4102ea2a1df438bac8400fd

    Score
    1/10
    • Target

      Data/Packaged/Resource.dll

    • Size

      189B

    • MD5

      4427aeee68321d0f4d7befa74e669f83

    • SHA1

      4670003762a1c217c9e8ea48fcc53f2871a7c341

    • SHA256

      a9661f89b8d957f4e71cbe1ba0342a39e5b50a1d80d974e2e1b349a273967f1b

    • SHA512

      9d9156aa8fdebf19363fed2edb82235642c8c20549369470e44fdc0db41324e2160968fd7dd43eecce1ce3da9c03dd05cdefc8d903a9d0394f5ca9a73f5c5fa3

    Score
    1/10
    • Target

      Data/Packaged/Utils.dll

    • Size

      1KB

    • MD5

      73e051427246dd4ca45935b1a4bd7e2d

    • SHA1

      7216f05041252f1c3a9d84aacdf84ef62f1a1045

    • SHA256

      b7b8b412ab1e4f32da8a7cd42aeaa6e7d8d340cf14977d3e87f7d8f5eb689b0f

    • SHA512

      3fc10dea91962244389214d189c141466f5630e99b01af5761738ce884df14050cd08a43802dc45bbe9117290c34143b85a75694b6301954b51972180dca1e36

    Score
    7/10
    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Target

      Debug/DebugPPF.tmp

    • Size

      11KB

    • MD5

      b1e68fabd5c19aaa21de6351554aae2e

    • SHA1

      66e7cf5d041a6ed9252ee4f6104ec0abb57d60b8

    • SHA256

      63909409d9c79950289701c4a58605ea7fcd30703163fce0b4ac81204f0b3cca

    • SHA512

      6e080f64d583e29a503282022ba587eb88903e2cf2bf943f9f9849fedf7f25dbfdeb02fae2803f03acf18b7a2bb37be1a1834e3b5ef7ef9098cfb0ee80a410dd

    • SSDEEP

      192:fXBY6p0nsAXXOZfZz2zgJNGayrKy8pJErK7EuKr3eEohK11pS:PcnFneZz2zE/+rK7EuJ6S

    Score
    3/10
    • Target

      Debug/DebugPPT.tmp

    • Size

      11KB

    • MD5

      4969578a5fd8d113ab7783812849c1ed

    • SHA1

      580f84362a74337b2ed25bd58700e9a002e51bc9

    • SHA256

      9f2b02ba814c2975a7b6ed5aa03345046a9c9d3036481a8a109b132a951e82a0

    • SHA512

      49dc150be750ff0a5b03fbe384debcc136d6dad513fa1c6284469de8e8aed1b865b2bd8271937030818094bcc5358dde6e146e3c784dd88fa9681a84c7a557ef

    • SSDEEP

      192:W7F8knwe/KZztz2XFuUpcWOEai+S7UeAJo9pDWhuDyG/WE8cHtENQmfsB:WNn1y1p2XMUpcWb+qUerShuDl+8HerfQ

    Score
    3/10
    • Target

      Debug/Management.log

    • Size

      8KB

    • MD5

      ff765d6581fe6568aaae19de239b2e7a

    • SHA1

      78b09b0ce2e59ce87f65251ea903842c1c77046a

    • SHA256

      4dd051de9b04902fc59d411b1c27c42007cacca4ea52e88d71c897cad1d990cc

    • SHA512

      8fa7c766fc1ac48408d964eb9844f9c4a2fb3e33357e736230024788ec71cb3c338397e16f8e556bbcaafd83c58f3af6a55ceaa9daff290b0e687093e5c97a2e

    • SSDEEP

      192:+jfkNaok8wITITp8dNOgNH34lxeDKOgWNh0ctcoAd8dq5XrOGB3Wr:UkNaz8wWWp8dMA34lbLsq5Xqq3a

    Score
    1/10
    • Target

      Microsoft Office Pro Cracked.exe

    • Size

      715.0MB

    • MD5

      c0bbac15a3dee9add93bfd35198e3065

    • SHA1

      18690de17472063d8049c6ac6e5041f23cac929a

    • SHA256

      6d297439246034dfe3232ff21dc9d82556a09ac9c8c72deb962dab36c9c064d6

    • SHA512

      a92c8f104b2683866f94c325bcd8f36b5c988e65154315db3146d440dafd061c3d3d6a995f7856894ebd79772cfefb8b577a6fc3aea559f9dff619ad67ed8f56

    • SSDEEP

      24576:WAHnh+eWsN3HqQaeUm2roHom2KXMmHap5i2bHT:xh+8VaqoPK8YaT

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Target

      Resource.dll

    • Size

      10.7MB

    • MD5

      641dadbb3f03938da99bf7c6c4cc482f

    • SHA1

      b21bdb69a17642ade8e62fcbd779ff1bc89ea809

    • SHA256

      883aefb081a1f9ef974ceb16e12c215e92fee13531c052279404bd11b2f8e479

    • SHA512

      7aea5f0db9b261a17801124d6eef0df2d3ada4a6f624c8f4f2ee519a61171a3f06de9032493e3309a1a982fd1218613dde73a942942df2a8ec367e7f66a531f5

    • SSDEEP

      196608:8B4DNtjVoWhIdAXplnpnh4uIKZ2K245peMKU3lRM9RVIO+QvSNG2uM+XGE4:04vWGIun1GKZ/2aZKU3lRvO+QvQgGP

    Score
    1/10
    • Target

      libGLESv2.dll

    • Size

      5.8MB

    • MD5

      fa36a0ac7e17ed74f89ab26e87bca822

    • SHA1

      494e1dba754233be49507800046cd464b7a95df0

    • SHA256

      9288b00918210aba7bfb178aad65cb8b78f3704d346b3b9c3c28782aaa5b22cb

    • SHA512

      657ef09896e6f23b995a80829799418cff93ff279899f5c443b01d05b391f3b30ae87a24e6830e3c1baa0dc45ac31df0f827d9757508cf52c840760109aae5ca

    • SSDEEP

      49152:/pQCuPTkVllbkLWjnUsPgb07Qk4kX5RK6M4LQJ1jBpWs8JB0hXGDew3fGwuIiJ/D:xQCSwAsgXjpWs8ZJBl/

    Score
    1/10
    • Target

      update-settings.ini

    • Size

      138B

    • MD5

      63172eb097d40b7f5672b9e9287f1717

    • SHA1

      ea31a5931bd7264bdf459092c5e3e5fd9a444a23

    • SHA256

      f4398a21462e1725bc37f51b26b91ff844adea6ceb16e78bf01736d7343ea98a

    • SHA512

      8f52d86f742f816c8993ee398e2543749264661b0410c637929e6f1cb79bd7e8a2aaa1da4dc682e8746e3b98b128cb74e084f7d5d7a4ad4cbc21ec29b10f190f

    Score
    1/10
    • Target

      updater.ini

    • Size

      1KB

    • MD5

      c5d86abaf2caf3c56ef01756a92520ef

    • SHA1

      b8f0744b6ce5754edae35f855b20b6103b39c40b

    • SHA256

      a08be023d13355644caa6cda5db56d1835be480b360815499957c306602b61d1

    • SHA512

      a0a33caf1bf9d775aec7404bba4ce15f2fbe01aef61851b2d985c68e8b6277d462ab633cd7d16f5f75fdb66c36e7bb02af19a68048c3d9423a8ef4fd5fde91b3

    Score
    1/10

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    T1112 Modify Registry: 2

  • Credential Access

    T1081 Credentials in Files: 2

  • Discovery

    T1082 System Information Discovery: 4

    T1012 Query Registry: 1

  • Collection

    T1005 Data from Local System: 2

Tasks

  • static1 (score 5/10)

  • behavioral1 (score 3/10)

  • behavioral2 (score 3/10)

  • behavioral3 (score 1/10)

  • behavioral4 (score 1/10)

  • behavioral5 (score 3/10)

  • behavioral6 (score 3/10)

  • behavioral7 (score 1/10)

  • behavioral8 (score 1/10)

  • behavioral9 (score 1/10)

  • behavioral10 (score 1/10)

  • behavioral11 (score 1/10)

  • behavioral12 (score 1/10)

  • behavioral13 (score 1/10)

  • behavioral14 (score 7/10)

  • behavioral15 (score 3/10)

  • behavioral16 (score 3/10)

  • behavioral17 (score 3/10)

  • behavioral18 (score 3/10)

  • behavioral19 (score 1/10)

  • behavioral20 (score 1/10)

  • behavioral21 (score 10/10)

    Tags: redline, 5657451827_99, discovery, infostealer, spyware, stealer

  • behavioral22 (score 7/10)

    Tags: discovery, spyware, stealer

  • behavioral23 (score 1/10)

  • behavioral24 (score 1/10)

  • behavioral25 (score 1/10)

  • behavioral26 (score 1/10)

  • behavioral27 (score 1/10)

  • behavioral28 (score 1/10)

  • behavioral29 (score 1/10)

  • behavioral30 (score 1/10)