redline

General

Target

2bcdb7a75707f841615be19f4bbcb95fc6b16ce19fb7ea782c5ff43ea1be024d
Size

4.6MB
Sample

231217-188tlshdh8
MD5

1713300ba962c869477e37e4b31e40af
SHA1

d5c4835bc910acccd28dbed0c451043ea8de95ef
SHA256

2bcdb7a75707f841615be19f4bbcb95fc6b16ce19fb7ea782c5ff43ea1be024d
SHA512

70b2a2b17c6b3a0a295baf536451ef38c6e9e292a3c967a9fc950a6de321bbac0dc45e942ef151ba81b717f8ede3166388e68ce75f2afff0ec16aea98ea742e1
SSDEEP

49152:H3rPT2lx2/lJe0f3+EGqX9QB+Vhc5fLBwR/WaMiukso0vOAtPeEvpDKYSEsVhbSm:H/jDem3Lc5FTVkso0vOclpeYSHhIs

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

666

C2

195.20.16.103:18305

Targets

- Target
  
  2bcdb7a75707f841615be19f4bbcb95fc6b16ce19fb7ea782c5ff43ea1be024d
- Size
  
  4.6MB
- MD5
  
  1713300ba962c869477e37e4b31e40af
- SHA1
  
  d5c4835bc910acccd28dbed0c451043ea8de95ef
- SHA256
  
  2bcdb7a75707f841615be19f4bbcb95fc6b16ce19fb7ea782c5ff43ea1be024d
- SHA512
  
  70b2a2b17c6b3a0a295baf536451ef38c6e9e292a3c967a9fc950a6de321bbac0dc45e942ef151ba81b717f8ede3166388e68ce75f2afff0ec16aea98ea742e1
- SSDEEP
  
  49152:H3rPT2lx2/lJe0f3+EGqX9QB+Vhc5fLBwR/WaMiukso0vOAtPeEvpDKYSEsVhbSm:H/jDem3Lc5FTVkso0vOclpeYSHhIs
Score

10^/10

redline zgrat 666 infostealer rat spyware
- Detect ZGRat V1
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1

T1552

Credentials In Files

1

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect ZGRat V1

RedLine payload

ZGRat

Loads dropped DLL

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2