redline

General

Target

2CDE23B16BD96A257BB37E37DF2C48D6.exe
Size

655KB
Sample

231214-xryqjahcf9
MD5

2cde23b16bd96a257bb37e37df2c48d6
SHA1

1abb9a627d97d8dce69e3cb1f839a190de909887
SHA256

7d7aa96711d95594ef9c4d53d4698ec8d845c501e4a18ccd09fdc1dca58a4235
SHA512

28440d2947d5dc4aa3981dca38e9baf5acb24d6b8792d69ce3424779ed5ec0837d0cc809b13b312f92357a7b2cb0c2a388737cbb8935cb15ceeb37d3b40bcd32
SSDEEP

12288:Rb27ADkIB4y8HJYqj+BZjHkTy7E75dJHMvJHHqn9GW2Ju:Rb27YZcj3DldJHMvlqn9GV

Score

10^/10

redline zgrat 5 discovery infostealer rat spyware stealer

Malware Config

Extracted

Family

redline

Botnet

5

C2

janaremrau.com:80

Targets

- Target
  
  2CDE23B16BD96A257BB37E37DF2C48D6.exe
- Size
  
  655KB
- MD5
  
  2cde23b16bd96a257bb37e37df2c48d6
- SHA1
  
  1abb9a627d97d8dce69e3cb1f839a190de909887
- SHA256
  
  7d7aa96711d95594ef9c4d53d4698ec8d845c501e4a18ccd09fdc1dca58a4235
- SHA512
  
  28440d2947d5dc4aa3981dca38e9baf5acb24d6b8792d69ce3424779ed5ec0837d0cc809b13b312f92357a7b2cb0c2a388737cbb8935cb15ceeb37d3b40bcd32
- SSDEEP
  
  12288:Rb27ADkIB4y8HJYqj+BZjHkTy7E75dJHMvJHHqn9GW2Ju:Rb27YZcj3DldJHMvlqn9GV
Score

10^/10

redline zgrat 5 discovery infostealer rat spyware stealer
- Detect ZGRat V1
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2

T1552

Credentials In Files

2

T1552.001

Discovery

Query Registry

1

T1012

Lateral Movement

Collection

Data from Local System

2

T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect ZGRat V1

RedLine payload

ZGRat

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2