Overview
General
Target: Setup.rar
Size: 10.2MB
Sample: 240523-w1dahsbg28
MD5: 04b8b776ecc6bfc29ed35e29b348676a
SHA1: 33115867b8feda5f4053861fe72ccb54b9da4d57
SHA256: 7bdcd02e33aee2a01a66cd98b8fb045b7cc7386b3a08c3841698a668fe353c5a
SHA512: ca211c4947db511d42b06cb03fd72672c60db86d9aafddb9ed3cff107d687d99d6b404aed458c57ace481c0d61099e439bd55956e075b3479b7ead47133fc37d
SSDEEP: 196608:D06p2yRw1hPTY2DgOIh1hcJGlNBVdhQ2zLKYJCF0vyyrH+hd1bJGAL:DR8+eZdDGh1eJsBVPQvYJk0Jb+hdDGW
Static task: static1
Behavioral task behavioral1: sample DotHelp.dll, resource win7-20231129-en
Behavioral task behavioral2: sample DotHelp.dll, resource win10v2004-20240508-en
Behavioral task behavioral3: sample Loader.exe, resource win7-20240221-en
Behavioral task behavioral4: sample Loader.exe, resource win10v2004-20240426-en
Behavioral task behavioral5: sample Settings/Net_Framework_4.8.16.exe, resource win7-20231129-en
Behavioral task behavioral6: sample Settings/Net_Framework_4.8.16.exe, resource win10v2004-20240508-en
Behavioral task behavioral7: sample libGLESv2.dll, resource win7-20240221-en
Behavioral task behavioral8: sample libGLESv2.dll, resource win10v2004-20240508-en
Behavioral task behavioral9: sample opengl32.dll, resource win10v2004-20240508-en
Malware Config
Targets
Target: DotHelp.dll
Size: 371KB
MD5: 6e20b6ec7a415d3cc4a56d764546c5a7
SHA1: 5df99a6952d400adfb5c59f4581466425eb9935a
SHA256: b5c100e10b6f8c5db0715267a897ce1348d3152a3a92cebc4acd0d7f7749b90a
SHA512: 9d85c36f3aa1cc3a0744a59dcabb576329111ae7109387d6c3f50e0d86984116d7c715ea568e56ca971c05dd6b3fe9c87a1d39103245c76c5c6f1fd811e5bc41
SSDEEP: 6144:23s0N4Z8lhuom5MOK3BkmaCbtQIQ2retFbq8d+P1cvcqKWSyU5C0O6yecZ3KPP40:2cX8l0oWA3TaYhrsM8wRho0O6ncZ3U
Score: 1/10
Target: Loader.exe
Size: 48.7MB
MD5: 1273533423237d5e560b8399cbc25c06
SHA1: 9a0a2edfe3ec73bf2053bea07731dfe7588ac432
SHA256: 29e33bb4d148ae0341e9f7ea5ae40548172d3a66413d6f5cf78f461e8151d24e
SHA512: 73f35cd410cee27968ca2b6396d75a23ce95066df8b10d3b0509cae2cd0a7f9703e3e878163b5f7957a8b7a43a75009eadbfb800f12b2967b390053af21b4a2c
SSDEEP: 196608:Yg2gzmnzYgF8YFUi53gC+TVrJ6+5NHu8ge0oAUfMJXw9if:9VzmnDH53gC26+Hce0eH9if
Signatures:
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext
Target: Settings/Net_Framework_4.8.16.exe
Size: 1.4MB
MD5: 86482f2f623a52b8344b00968adc7b43
SHA1: 755349ecd6a478fe010e466b29911d2388f6ce94
SHA256: 2c7530edbf06b08a0b9f4227c24ec37d95f3998ee7e6933ae22a9943d0adfa57
SHA512: 64c168263fd48788d90919cbb9992855aed4ffe9a0f8052cb84f028ca239102c0571dfaf75815d72ad776009f5fc4469c957113fb66da7d4e9c83601e8287f3d
SSDEEP: 24576:MGHL3siy9J0/SmtLvUDSRbm4Jah1rVxL+iTOhYdeM+GkdnddMF2ScVC3oKNVpNXo:RL3s7mKeTUDBzrVxxOhYdeMinddG2lCK
Score: 7/10
Signatures:
- Executes dropped EXE
- Loads dropped DLL
Target: libGLESv2.dll
Size: 1.4MB
MD5: 8306600f6c59fca3a7f1b6051a70a34c
SHA1: 9d2fd76fd7ef118ea96bc26ae0c03c428d91e34e
SHA256: cd9ffd828af9e4ccad1cdab755d9393174857b071a997548d9e3c4f20999320e
SHA512: 414bcfe0de34a2ce51940ad8220627e74abb09a2d5250c60a161625e780540a0bf204583e0638546bed25c6372c8c8a053b6c6e31959d4f581c8802762e1380d
SSDEEP: 12288:BoZo7VZo7VZo7VZo7VZo7VZo7VZo7VZo7VZo7VZo7VZo7VZo7iZo7Xo7VZo7VZov:Z
Score: 1/10
Target: opengl32.dll
Size: 3.9MB
MD5: e23a909c4d1f86e86dc366ae461fee04
SHA1: 295259f69918736ee71ddcf32347c75eb0154ee6
SHA256: f522654ae4091305784e4a9cb532254f8cb5ba359e49e46ce47723c3d2eefc5a
SHA512: 3c61a6fbf631157cffb141cd0fed2cd5fd04b7d6f39d06adbb9a83a406ceffcdba269620cb6daba6ff44c5e831a15eec96dd207074099e183c07f32aeca91be8
SSDEEP: 49152:maKfYeGwtQUTd5Oc1eziEvRX5aU34b6Gi+JTpN9V93Sb6kmJcIvSpF+bEhr:mA2LD8RX4ff9Dkr
Score: 1/10