General

  • Target

    Setup.rar

  • Size

    10.2MB

  • Sample

    240523-w1dahsbg28

  • MD5

    04b8b776ecc6bfc29ed35e29b348676a

  • SHA1

    33115867b8feda5f4053861fe72ccb54b9da4d57

  • SHA256

    7bdcd02e33aee2a01a66cd98b8fb045b7cc7386b3a08c3841698a668fe353c5a

  • SHA512

    ca211c4947db511d42b06cb03fd72672c60db86d9aafddb9ed3cff107d687d99d6b404aed458c57ace481c0d61099e439bd55956e075b3479b7ead47133fc37d

  • SSDEEP

    196608:D06p2yRw1hPTY2DgOIh1hcJGlNBVdhQ2zLKYJCF0vyyrH+hd1bJGAL:DR8+eZdDGh1eJsBVPQvYJk0Jb+hdDGW

Malware Config

Targets

    • Target

      DotHelp.dll

    • Size

      371KB

    • MD5

      6e20b6ec7a415d3cc4a56d764546c5a7

    • SHA1

      5df99a6952d400adfb5c59f4581466425eb9935a

    • SHA256

      b5c100e10b6f8c5db0715267a897ce1348d3152a3a92cebc4acd0d7f7749b90a

    • SHA512

      9d85c36f3aa1cc3a0744a59dcabb576329111ae7109387d6c3f50e0d86984116d7c715ea568e56ca971c05dd6b3fe9c87a1d39103245c76c5c6f1fd811e5bc41

    • SSDEEP

      6144:23s0N4Z8lhuom5MOK3BkmaCbtQIQ2retFbq8d+P1cvcqKWSyU5C0O6yecZ3KPP40:2cX8l0oWA3TaYhrsM8wRho0O6ncZ3U

    • Score

      1/10

    • Target

      Loader.exe

    • Size

      48.7MB

    • MD5

      1273533423237d5e560b8399cbc25c06

    • SHA1

      9a0a2edfe3ec73bf2053bea07731dfe7588ac432

    • SHA256

      29e33bb4d148ae0341e9f7ea5ae40548172d3a66413d6f5cf78f461e8151d24e

    • SHA512

      73f35cd410cee27968ca2b6396d75a23ce95066df8b10d3b0509cae2cd0a7f9703e3e878163b5f7957a8b7a43a75009eadbfb800f12b2967b390053af21b4a2c

    • SSDEEP

      196608:Yg2gzmnzYgF8YFUi53gC+TVrJ6+5NHu8ge0oAUfMJXw9if:9VzmnDH53gC26+Hce0eH9if

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its display window hidden.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

    • Target

      Settings/Net_Framework_4.8.16.exe

    • Size

      1.4MB

    • MD5

      86482f2f623a52b8344b00968adc7b43

    • SHA1

      755349ecd6a478fe010e466b29911d2388f6ce94

    • SHA256

      2c7530edbf06b08a0b9f4227c24ec37d95f3998ee7e6933ae22a9943d0adfa57

    • SHA512

      64c168263fd48788d90919cbb9992855aed4ffe9a0f8052cb84f028ca239102c0571dfaf75815d72ad776009f5fc4469c957113fb66da7d4e9c83601e8287f3d

    • SSDEEP

      24576:MGHL3siy9J0/SmtLvUDSRbm4Jah1rVxL+iTOhYdeM+GkdnddMF2ScVC3oKNVpNXo:RL3s7mKeTUDBzrVxxOhYdeMinddG2lCK

    • Score

      7/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      libGLESv2.dll

    • Size

      1.4MB

    • MD5

      8306600f6c59fca3a7f1b6051a70a34c

    • SHA1

      9d2fd76fd7ef118ea96bc26ae0c03c428d91e34e

    • SHA256

      cd9ffd828af9e4ccad1cdab755d9393174857b071a997548d9e3c4f20999320e

    • SHA512

      414bcfe0de34a2ce51940ad8220627e74abb09a2d5250c60a161625e780540a0bf204583e0638546bed25c6372c8c8a053b6c6e31959d4f581c8802762e1380d

    • SSDEEP

      12288:BoZo7VZo7VZo7VZo7VZo7VZo7VZo7VZo7VZo7VZo7VZo7VZo7iZo7Xo7VZo7VZov:Z

    • Score

      1/10

    • Target

      opengl32.dll

    • Size

      3.9MB

    • MD5

      e23a909c4d1f86e86dc366ae461fee04

    • SHA1

      295259f69918736ee71ddcf32347c75eb0154ee6

    • SHA256

      f522654ae4091305784e4a9cb532254f8cb5ba359e49e46ce47723c3d2eefc5a

    • SHA512

      3c61a6fbf631157cffb141cd0fed2cd5fd04b7d6f39d06adbb9a83a406ceffcdba269620cb6daba6ff44c5e831a15eec96dd207074099e183c07f32aeca91be8

    • SSDEEP

      49152:maKfYeGwtQUTd5Oc1eziEvRX5aU34b6Gi+JTpN9V93Sb6kmJcIvSpF+bEhr:mA2LD8RX4ff9Dkr

    • Score

      1/10

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic                 Technique                           ID          Count
  Execution              Command and Scripting Interpreter   T1059       1
  Execution              PowerShell                          T1059.001   1
  Execution              Scheduled Task/Job                  T1053       1
  Persistence            Scheduled Task/Job                  T1053       1
  Privilege Escalation   Scheduled Task/Job                  T1053       1
  Credential Access      Unsecured Credentials               T1552       2
  Credential Access      Credentials In Files                T1552.001   2
  Discovery              Query Registry                      T1012       3
  Discovery              System Information Discovery        T1082       1
  Collection             Data from Local System              T1005       2

Tasks