General

  • Target

    setup.zip

  • Size

    201.8MB

  • Sample

    230218-d3wkrsac4s

  • MD5

    0a504a456d852134006e317fa4b2b58c

  • SHA1

    9523798d294aabf86f64db732a4314b04c1a0265

  • SHA256

    c5f1dfbf8d4b1d8d5c43f668292056d5b670fea174e6e79d3cc2ba341d66a21f

  • SHA512

    d46c71ca8eda42ae6eff316da7bc9aec6e14002dd2e7e400131b40e231949876c4f525ff5281d1fa8c956e4fe905c9b4fe3c45641a858a85246ed2a772896a29

  • SSDEEP

    3145728:atfMyBMh3TS7IAMPwPhEjdtewveo6tfMyBMh3TS7IAMPwPhEjdtewveoCFW0sRlk:XZhlqEJ8wvH3ZhlqEJ8wvHMW5Rl5Y7

Malware Config

Extracted

Family

purecrypter

C2

https://speedysecurity.com.br/images/css/waves/bo/Upjcuf.bmp

Extracted

Family

redline

Botnet

@fjiif563

C2

45.15.157.131:36457

Attributes

  • auth_value

    ef361597d90539bf547a8edad2ebafde

Targets

    • Target

      data/chrome_elf.dll

    • Size

      1.3MB

    • MD5

      065a575f197e6637b8f74c8919395892

    • SHA1

      56a0d3f3836f2f295c956c94a99774acfc160ad6

    • SHA256

      8890b56865355c9ea7eca236a6f0b9114d22d85864e5388860c62c0899aa6950

    • SHA512

      6216a4b53884ea58c5c8817436dd962885a92fb6425fc24eddd073f87c4a3a03ee6f0f4486bda8e8eac38c611f1a5e6ceee2831d5b3f8f27c27879b0e41c3ffc

    • SSDEEP

      12288:RpMYYuVq8yfHz7nqCGDysEt2H+z9lH6tJwwnwgPmqrmEoa3yzmGIQqk6Tz7uQ8ot:guyb7nE9HMlH6tJMIQR0uQ8o0T7LBG

    Score
    1/10

    • Target

      data/d3dcompiler_47.dll

    • Size

      4.7MB

    • MD5

      cb9807f6cf55ad799e920b7e0f97df99

    • SHA1

      bb76012ded5acd103adad49436612d073d159b29

    • SHA256

      5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

    • SHA512

      f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

    • SSDEEP

      49152:IuhjwXkKcimPVqB4faGCMhGNYYpQVTxx6k/ftO4w6FXKpOD21pLeXvZCoFwI8cc:oy904wYbZCoOI85oyI

    Score
    3/10

    • Target

      data/d9.dll

    • Size

      200.2MB

    • MD5

      a56e5617a52635cc50c810fe6785b68f

    • SHA1

      d451cd22d4fd46b63565adb6e75f47d76502cbd5

    • SHA256

      dc50d80a97cd772dd0d5067df6b2f12e5ef4598ed36d4837b6ca7c9f96dd6860

    • SHA512

      9a627ec9e4c505e2cf16b82c82ef07f50c94a0ff7e5b89e5fc5f84091acccdbd75f0d2ccbfd172b24afca1c12185a92515f0fa6963431e5dd1401765938f3ac2

    • SSDEEP

      1572864:BpGZU4Cwmanvo7P18LJrbZuxXG5xr+R2gTmdjLcgoV0Bpmqgi7omdr71FPeHl8o1:gMGIWPWpgwWyHEH1hY

    Score
    5/10

    • Drops file in System32 directory

    • Target

      data/dddd.dll

    • Size

      200.2MB

    • MD5

      a56e5617a52635cc50c810fe6785b68f

    • SHA1

      d451cd22d4fd46b63565adb6e75f47d76502cbd5

    • SHA256

      dc50d80a97cd772dd0d5067df6b2f12e5ef4598ed36d4837b6ca7c9f96dd6860

    • SHA512

      9a627ec9e4c505e2cf16b82c82ef07f50c94a0ff7e5b89e5fc5f84091acccdbd75f0d2ccbfd172b24afca1c12185a92515f0fa6963431e5dd1401765938f3ac2

    • SSDEEP

      1572864:BpGZU4Cwmanvo7P18LJrbZuxXG5xr+R2gTmdjLcgoV0Bpmqgi7omdr71FPeHl8o1:gMGIWPWpgwWyHEH1hY

    Score
    5/10

    • Drops file in System32 directory

    • Target

      data/eventlog_provider.dll

    • Size

      16KB

    • MD5

      ec908b46c0e54933331d8ffdf872fa72

    • SHA1

      5c85b531de79f4187c4450f13cab066f32adc33a

    • SHA256

      d8ac9cff961181928138db90ba100459063f79c67ebfa7151fd65565e5123334

    • SHA512

      6a19aa97300b6b1ab0db2b1dfe32708d43744f452a1e7f9149a60e4d880db993290e01d98cd4ce491d20f81ff82df1abb4de435ce167606cf0e1bf03ec54f882

    • SSDEEP

      192:dPRes4VWyIYiYF8m/Ex72f6Z8fve/aUH+noPOJB3hy2sE9jBF0NyE3lNS:dPK0yIYi6yZ8PUePxh8E9VF0NyE1k

    Score
    1/10

    • Target

      data/libEGL.dll

    • Size

      468KB

    • MD5

      a5f9ba518e9a50de2a4791b7089fe2a9

    • SHA1

      aa90b7fac5e6248936db25743f98bc3f9a414cb9

    • SHA256

      05228e1020b7b9eb7cd7a25be798e5dcbe7286c7f62dce46d9fb0265f8ddcd85

    • SHA512

      dfca2bdf9f47cade1d5d0b51b2d3a192d153f60005ff46f3d3f94bfe60d1e5a165016095d89265332daf92b12d8e1f6a78a008d14c64043ba121505271dfaea3

    • SSDEEP

      6144:b8rkhzVR8O92CYmfaBWp4MY/yrrKkw9bYG/VHpf6dkYR92yz:QAhzVR8O92CVfaBXyvokcFd6+Y9Pz

    Score
    1/10

    • Target

      data/libGLESv2.dll

    • Size

      7.1MB

    • MD5

      2dbb82b699fde23616bb09bbc682f02d

    • SHA1

      ab61757008822e8e4e3d5224926baa0d7f5a0e5d

    • SHA256

      6fe416e5df17c9e324c0cbbfac1221e43b8864052443c54712b7c0c03b511c0a

    • SHA512

      e2af408951318c942ae2de9faf3b681c9977e6c7e4a7a0ac74c77e0d39918ef23a54f46b7f1c5d2bc2cf95a0a593bb0be7dca36705bb98d8f3ff65084a99edcc

    • SSDEEP

      98304:uuM171ZvG5Q570CSPnSFguTgLDxZzXJh4+c+gsOMu:V2V5RSPusHxKtFsc

    Score
    3/10

    • Target

      data/mojo_core.dll

    • Size

      1.6MB

    • MD5

      ea11dcd2ab437a9772253b611eca947f

    • SHA1

      cc2f9fab362852de695c0097f5932819699ae223

    • SHA256

      ebe87ee2d5f4753d6ddbbb77d4415fd2011ff9867da8790b30f10fa520be169a

    • SHA512

      dd8d9736fce73eb1e2e8e5190a7a08dcf55a54586ef408554760eb2f9f4ecb1ebc57cc8799d6892ed348a9be8571a6d2f90ac835dfcce624be1ee19c7d1ea436

    • SSDEEP

      49152:FD9HViaToIfV9KbgTNDfoG2izT67HSbw1q:ubNG2+/

    Score
    1/10

    • Target

      data/sfvstwrap.dll

    • Size

      10.2MB

    • MD5

      a76f33082f4c48e70cc729d1134669e0

    • SHA1

      9a6048f94f80baaf389b17b4020a15d3372768b7

    • SHA256

      8385752496d3329223c5154cf84ac948a7f0eeeff408df886d293cf350210d86

    • SHA512

      4318873644ba2153cad7c0357bf96c3e385dcaffcdf9b3969ab761c3b5f630c722aab3b799c6c7dfe9f7bfdb7cb3ce36d548051cf31eb870e361029ce4b46f4a

    • SSDEEP

      49152:3IbIaIl4NeQFJCnFcq9A6xhe11Z5s08qnwwiCPoCdAAZQVzTbQN2u4XZ1rnve:NFcWapmlXi

    Score
    1/10

    • Target

      data/so4mediainfolib.DLL

    • Size

      5.1MB

    • MD5

      cc6ca4ee5957177f2a69373b8854afac

    • SHA1

      cf7042eb99b7b18ec2ac3c290f0d560506489383

    • SHA256

      09db2bf8388e846efedeef1ca35bd153099ea8a71ab6b2f3432b0860e92acc76

    • SHA512

      4d7f6ae74774275505f637b0dffde7e854b2d9d068b7ce2bf1e4a51836fef878f7ae6ff3b1854a6241ca95acaa853d4c072bfce9e0f0a9b230f1974442a067fb

    • SSDEEP

      49152:00rQA/IyqNhMTTvenzSOrMuwf7eYZbPaqz5g1rLLnHP1PQwk1UEFDoKwG0/l2B8s:SMTTNxmrLcSI4ky/

    Score
    3/10

    • Target

      data/sonymvd2pro_xp.dll

    • Size

      644KB

    • MD5

      edcc650363a574b3234f58cfe9a5214b

    • SHA1

      546284a43b9303d8710b51afdd7d54b0f3102ee1

    • SHA256

      f91b6ebad0775ef3ae8d541918b3c1fe9f97c3e2fa233b181c0df442ff68ae83

    • SHA512

      0186c7f63053bdb9993bac6ce2f6a503142ef446f638461532226a62a85ded07de63fa40be151173e67918ffa213d6648393cfa342b3a0dc81ba8ebaa6b3c72c

    • SSDEEP

      12288:XwOBX8qR1cW74G+EWC5o21KiQFsxQ8dmTC0pgRij2CrhuTWw7EH4Mk44I9KDBi1d:XtBX8qR1cW74G+EWC5o21KiQFsxQ8gr3

    Score
    1/10

    • Target

      data/vdlxipp61_x64.dll

    • Size

      13.7MB

    • MD5

      bde9c30a4b6748aed8c94c5c939927ab

    • SHA1

      1d286f53792b96f896732725700dcea94ab6b9f1

    • SHA256

      dfbc4b7bfbf97ebdf5f63e5dc7ae34382f6415c8aca006c5a2bf22e22709235b

    • SHA512

      e2effdeec594607f9f428229280c654c38a765d4b527a37958d50cad7ca07c7983342c93ed99b557d67e31adad8863b1c14b60dda1d50c764f0215da722b3684

    • SSDEEP

      98304:I9kiiddf7OpZEWXic+DyJiouuCjiE9iGpcekz3BxFhg4BwPGeRJbRyqPBEnl86Ph:I9kiRYmw3Z7ej5edq

    Score
    3/10

    • Target

      data/vk_swiftshader.dll

    • Size

      4.7MB

    • MD5

      65cff6700eba818c057c75287c7b14f2

    • SHA1

      a1cc8ee2311b6065200808a1f6a509ce94b32a20

    • SHA256

      00279690ad79083e3c1b292570035ea2e1e22cf377594a94210c4ff48828a65f

    • SHA512

      2b4baa43e7cb7fff67977e402b19b9c39c8016c75fa86b001fc5aac3d8a1697e4ba5f0d3475c0869e04020f1e075f7803287659f947de7e0b6022aeb439c70b5

    • SSDEEP

      49152:IaZyux4B2UFWiBJT3ZsDMJaoPKdGSQfb/fuoxvuDNkPHk+MHMnVATxfdB09f8XRL:Iu67gUknMVAa9f8RAo

    Score
    3/10

    • Target

      data/vulkan-1.dll

    • Size

      894KB

    • MD5

      4b29603d5f208f805a5227fa1d6713cc

    • SHA1

      ef7c6478e26dd2c2f4fc4ecce0b7d710a9023f09

    • SHA256

      998280e73d8a5d62a25d335b291363d15f3746492ac3d5f4479549f9442c6b9e

    • SHA512

      f863571fd13aea9bbdd0d96ed671a6cd11f28a3a9677357317b6afc0c8990c23176c1ce68a645057cb2dc09d2fc5d93963b7578ae50aa3636d049b5a68584d31

    • SSDEEP

      12288:UQgtdWVrC+8eiZB25pL82ZWdAKT0Yo5KE1so3AJLLP:U1dWtNbBZWz6t1svtT

    Score
    3/10

    • Target

      setup.exe

    • Size

      565.8MB

    • MD5

      b34cf82d7d10a1c8421ef3fe65e4de46

    • SHA1

      574c8dd9986952916786b03c0261230a933f3e9d

    • SHA256

      7e73c496079d96e4ccec427679b791518f25aaca20585a5d54f632064ff880ae

    • SHA512

      69fb1cb2e37c7b3321ff898aac936233521026834c07b92a7c8fa7885a363f5b2a6d6d455309435802f70827bc7ecb955ed9e4c7a8fdbcde212bc479748647ed

    • SSDEEP

      1536:8rae78zjORCDGwfdCSog01313fs5gG8m:kahKyd2n31E5d

    • PureCrypter

      PureCrypter is a .NET malware loader first seen in early 2021.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other secrets.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

Score
1/10

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

Score
3/10

behavioral4

Score
1/10

behavioral5

Score
5/10

behavioral6

Score
5/10

behavioral7

Score
5/10

behavioral8

Score
5/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
3/10

behavioral14

Score
3/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
3/10

behavioral20

Score
3/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
3/10

behavioral24

Score
3/10

behavioral25

Score
3/10

behavioral26

Score
3/10

behavioral27

Score
3/10

behavioral28

Score
3/10

behavioral29

purecrypter, downloader, loader, persistence

Score
10/10

behavioral30

purecrypter, redline, @fjiif563, discovery, downloader, infostealer, loader, persistence, spyware, stealer

Score
10/10