Extracted

• • Target

    Qt5Network.dll

  • Size

    1.3MB

  • MD5

    c24c89879410889df656e3a961c59bcc

  • SHA1

    25a9e4e545e86b0a5fe14ee0147746667892fabd

  • SHA256

    739bedcfc8eb860927eb2057474be5b39518aaaa6703f9f85307a432fa1f236e

  • SHA512

    0542c431049e4fd40619579062d206396bef2f6dadadbf9294619c918b9e6c96634dcd404b78c6045974295126ec35dd842c6ec8f42279d9598b57a751cd0034

  • SSDEEP

    24576:HO51NG2bq1mhQpCR4SSUVxiKZiva+su3pUlSuMEFR+PoT0lqU:34hQoRpSUVYKZqvsu3pUlNMEePoT0E

  Score

  1^/10
  behavioral1behavioral2

• • Target

    Qt5Positioning.dll

  • Size

    319KB

  • MD5

    fb45f544d61c6a0a66e7ad3f5c0508b1

  • SHA1

    50331a21dd2db624a559fa7ec5d3a0d93b8944ae

  • SHA256

    e42297b688986f0e6dba17ae82a5d78cba1139bc03a0c30fbb6a6ef6c7f557ca

  • SHA512

    3419f317f34f29996e8e139fe1725c9568bb262ab895a110be925b324fa3703e9a61a29e19b0b18e36cce31008353b9a9f80064b90aac7c16b05f544749e243a

  • SSDEEP

    6144:zL3H526yykA6d0DbxzdMJ6EXmD2AOoLf:v3HWBo4J6W

  Score

  1^/10
  behavioral3behavioral4

• • Target

    Qt5PrintSupport.dll

  • Size

    312KB

  • MD5

    dbf79abfb2fe2490fddfcc5b142326b9

  • SHA1

    8955c5169f62b643a53920607c1392c049d180c2

  • SHA256

    a4869f741088c67a0b449edad15658a9cf1edd8b693e4b23b6172952b6a7f9bf

  • SHA512

    424ff210400a77876fdc6eb87ca245bb475151ebf2656a5e36ee77fe27ff4cbb5f30cd608a0cdf5113fffcaa00398de2e758a1721e7154585a230e53981b6051

  • SSDEEP

    6144:SU6GcHAzLDN8xBznXwgUA2GqWss4A+1gr7pGZmSUbZqXxtUPIsq5okoibIWBk7fB:F6zqLDN8v

  Score

  1^/10
  behavioral5behavioral6

• • Target

    Qt5Qml.dll

  • Size

    3.6MB

  • MD5

    27e0d9b1fd02d19a8745459bd729926f

  • SHA1

    fee35bd148db2a9eb410f3c8f5c9a216be0d6d18

  • SHA256

    53e8fecd7d4b1b74064eba9bfa6a361d52929f440954931b4ba65615148bf0ea

  • SHA512

    aef0caeff970629a6cce00766139a407ac8e7c1179e5dbac1e01e252725f25a6fa771a7bb0cdcb894394b1ee7cff323511fb1eb64901d0c959fe2203d132ecc6

  • SSDEEP

    98304:9myruPbjj6ODMIuT/IRhF/dNjnvkHrNrSdSG779LLLS/o/L4YqoY0Xba+mRR+:9druTjj6ODMIuT/IRhF/dNjnvk

  Score

  1^/10
  behavioral7behavioral8

• • Target

    Qt5QmlModels.dll

  • Size

    430KB

  • MD5

    51addd243d4acbf6e2704b207dfe40b2

  • SHA1

    acbc43b8480c1d8884d1b096d66a2ed678318b06

  • SHA256

    1ac4753056179b358132c55ca3086d550849ae30259ba94f334826c2fbf6c57e

  • SHA512

    c8aec4b704ee70bef16c71b1aded727e3a289831c4cc8f3cb276813e3f2ea1d96f3ff8529dee5ead46eb889206b4a3b4d2e468827fa833831ac69f43cc797064

  • SSDEEP

    6144:s/VXP0g95T6gCk3Ud7Bz+vccX+Wl+tmYZ2u8ruxJM:s/j95TfBI4h7FuL

  Score

  1^/10
  behavioral10behavioral9

• • Target

    Qt5QmlWorkerScript.dll

  • Size

    53KB

  • MD5

    b1355f6f2e317a7c47c7179c1d48f407

  • SHA1

    db7fab191779a9fcc90710da7ece693d55e6feff

  • SHA256

    5c3150972603c07290cf8dcfa7e6d850abb6a1d15f3f1c42d8bdac8623f1a148

  • SHA512

    c0a22ef0abd17c29199960ffd1c2de65a007bd2616f988451dfe88f48ee4a15e0fe3cb4360d3783f8d2c5acd6026f130cb22e0837fdd04ef5f433d3d7a0b6951

  • SSDEEP

    768:PnzAEqsfHbF+RC/q1TXydoz2esnQgSCod1GwvwuZG4B:PnuKMRHlaeYQCPewuZzB

  Score

  1^/10
  behavioral11behavioral12

• • Target

    Qt5Quick.dll

  • Size

    4.1MB

  • MD5

    1318935680b9b9771e1e4c80fa97fbd4

  • SHA1

    e3c8efc59866b68f6e28c163fbaebd24e3dd24d2

  • SHA256

    553451008520a5f0110d84192cba40208fb001c27454f946e85e6fb2e6553292

  • SHA512

    678e4678fcdaf09f8d5ad5f869941f511ba5440ab7cac8e0693f20e16bca09095ccc49325fff2ba0db56df6e4c751a273aec13ccb49e703909efc6ca96f6ab6e

  • SSDEEP

    49152:/HyNQTBKx8buUfPkOTSvvJjw8snmD1OMbSMO/cx1BCHYBQvFEUxKJ:/SY37nSE9EXk

  Score

  1^/10
  behavioral13behavioral14

• • Target

    Qt5QuickControls2.dll

  • Size

    167KB

  • MD5

    60217140ebbd4fe3d430d09505928d45

  • SHA1

    df65388f808c5f6f24e4d320ff7a03db1d1df5ad

  • SHA256

    dd30ade18125471c8700ba01cfb54e85570c0f365e969717bc0ba6ee8199e242

  • SHA512

    8e2ae344145531f03db3a7d916d6e6e85edf7c34778c97f9361455fc12ec013f828a9634abb7f293e548dd9be5c45e9d637d7ecfc10624138476c7eaec532b87

  • SSDEEP

    3072:9yh+Y6ksWf73lmYPgnmdtKS6Kum9HcJPbISsvdwtCDE/:9yh+Y6ksQ3lWKum98FbISsvdwtC

  Score

  1^/10
  behavioral15behavioral16

• • Target

    SoftWare(1).exe

  • Size

    428KB

  • MD5

    fb3f4c11ed7ce4b7398b5e353ec0a6d1

  • SHA1

    7ad1c7b1c99afe865391a5ceceb8752be72ce84c

  • SHA256

    9aba31b9a1a50f3aff37c10628c7373971788ca35778bbfc71027c96a66e69ca

  • SHA512

    bb383b74f9c4d2b4dc6c1d7ecdd00adf53e9f953b5be5b247dcbab08e5952e91a8b779c69b1cdd2ef0aebbee10d9dd4080b3220861901f3ddf25dceedd179846

  • SSDEEP

    6144:w4ollhS4qdxjPxUUsmf5pUlpNWQgasMyJ7Q083kfyJebqLcg6PbSChfmmKU:bm/SNRJ5pI1Rnye083OyY0LwnKU

  Score

  10^/10

  redlinezgratdiscoveryinfostealerratspywarestealer

  • Detect ZGRat V1

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral17behavioral18

• • Target

    SoftWare(2).exe

  • Size

    840KB

  • MD5

    74a600df1669384b09dd75dc6bb34017

  • SHA1

    250eed70583094d4b8331f15232d626c204b36f1

  • SHA256

    82160bc5eebc3b8f0f06a8a5cac49f208593f8c2510f636f51a9c269771d9245

  • SHA512

    371bad5b1825b30ae2ea050b02662261ca4817626a20c0bbfcca193c4356dca0936ef5a832cb343d6e26aa450a289cb6e03f747093aa572ac43c8ac9349d82f6

  • SSDEEP

    12288:ctf8SWek8KQsqU+lqYCginzm+ZwDOCGezsVVDgH1Ba2Il4H9h8pP0r772VU7L3cQ:kEZb/glqYCg0zwDo/j

  Score

  10^/10

  redlineinfostealerspyware

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Loads dropped DLL

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Suspicious use of SetThreadContext

  behavioral19behavioral20

• • Target

    ffmpeg.dll

  • Size

    2.6MB

  • MD5

    2fc7f6b0abd1af4988e30e58e8310291

  • SHA1

    9d553d0ca4f13bf2ce07d850344cb1ca70bea0a6

  • SHA256

    b08a720802c6dc662247e52658499ce9f87211e0d88343fb0326a1ce9abc5e8b

  • SHA512

    cdcad781dae26a565fe07dec861c5f47a0861e308a275da529aadc9f4dd03778b40ba8b9e8b7cc3042b7d543cef6ec38f8e79761a7d6c5fe639872ed23d799c2

  • SSDEEP

    49152:A14LZeiXTFI6vTD9MxCAJ0qsOw0FZnHzKedVLes+/EnvIS:V7hMxjk0vB

  Score

  1^/10
  behavioral21behavioral22

• • Target

    libEGL.dll

  • Size

    431KB

  • MD5

    1ed91477a02e0e2a64e5e9f26bcea438

  • SHA1

    8058c2bd3342d8d882768188b1e5c45567a8dde9

  • SHA256

    a1267343e2ff9f9603627c0520e6cdd8e4a67fba041146e8def6a43e334a4e03

  • SHA512

    c80ace4df62ccde9699cafaffae290cb9ab83dc5db5fed6483aadea0f6389eaab8cc44f8cfde43aa980307a6f357d51c406fa267293135def1eee5378d0960a5

  • SSDEEP

    6144:gbSSlxpHPDSDwFRSHXEU4alu73cwp1MmJw7r2qVmTsR6Lbg3y:q9lxdPewF43EDaG+0TP3g3

  Score

  1^/10
  behavioral23behavioral24

• • Target

    libGLESv2.dll

  • Size

    7.5MB

  • MD5

    640a515fcd8e5d5a332c1d40c47700b0

  • SHA1

    0128c9d499deb7866f3d7aae0adab69d9a8f768f

  • SHA256

    927c858deb4700d3759fab436d5ba554ff4cf7be505d536ea1c673707d5ca8a1

  • SHA512

    792acebb5ba329e61bc319b415ba01248dcf18c7e46695222682dbf59d179403ced15c19ae03a282dec7e622121c05844d8eae5a04a2aa1f552ebced51644e27

  • SSDEEP

    49152:cHYVf3vXozSZVwq1ZET78U9t9Ib7P4jN0gVkel0hZecqjXFArFFiKMTvrd5/Lln+:DWD0Ue/elpegxsgPRPV+fJJ7od0m

  Score

  1^/10
  behavioral25behavioral26

• • Target

    settings/chrome_elf.dll

  • Size

    968KB

  • MD5

    ddc33cf2f8a0d4fa0b96667cb037a5bd

  • SHA1

    277e4695266d7ac368a7635476556a2cc4793d98

  • SHA256

    cdac4bac1481074e5a1664a2c6437273b0a2da068ede892ed0468825429e5e77

  • SHA512

    574bc9f683a8a18b34e70d6830dcc6c0e605f3ed601f921d525f712e74ed3c83e106eb43551ab3325566e032a98a752e24407494081863dd4bc5fcd20f079bd9

  • SSDEEP

    12288:kVq/yoDkMVSDPwy1wmThw2ljaR0E/uDmH5wvQwmeR5+n+orQ:dbsZwmTd1UuiZTwTz

  Score

  1^/10
  behavioral27behavioral28

• • Target

    settings/d3dcompiler_47.dll

  • Size

    4.1MB

  • MD5

    5daacc29ed5218bcb836bfa8dba4dade

  • SHA1

    0f94d6b63e1a8c5def69377a9c2c5b9ed8a2a9d9

  • SHA256

    b548547f7f7e6afc5769be1f084b3e13b6bce07fbacf5de8156a5f88328b621d

  • SHA512

    8ad9243d7d811d8e9768d8213a0bf0c120b8b3081c8374de8459d56ec9e10f11f81acf0d4421d949d3a892bc9468559c4c148b548f1128b674990afb55a31347

  • SSDEEP

    49152:l5EfJYiVk9w6hAPqzag2At6i5K/8Ub6Lg3MEq/NHiQTtVr+5kb62QgdD6zoodr7z:j7iNPWHYE+Bnmc

  Score

  1^/10
  behavioral29

• • Target

    settings/libEGL.dll

  • Size

    382KB

  • MD5

    2bb37aae4eec265d97aea03800a26145

  • SHA1

    06542423b68110c3d5ecf2159114f4c0bc2879b9

  • SHA256

    4a34a80415a041caa00456fcbcfa24cbe8a05d699c8cc302215823826e94bc54

  • SHA512

    66d6307e2a412aadc731bbfe0d96cad3f0aace100de0f7cba970438f7cc8087b8c6a5ac205809622e58d46b92f43da7b213a4713885ae247a1a229e8abf4125a

  • SSDEEP

    6144:5fn91PNKeDQhPAybcKwtN0eHpN5uv4XdWT9V:5fn91PDDQhPRNkN5uv0W3

  Score

  1^/10
  behavioral30behavioral31