Extracted

• • Target

    Axwud.exe

  • Size

    2.7MB

  • MD5

    b354abdb8c17beeae07b9418535f4bdc

  • SHA1

    cb4fb26e9c00426cf3d1c70f99e72fd36d6c22b9

  • SHA256

    f688fb7b4cf19a4760138e7625915815f4acc23732456a3540f76f39aed90417

  • SHA512

    21a37e78fff981ba88cab5e92b5c61216af93fc8a44bffdc33a3fcb16875d271790d18d6a0247367594965bae0ee0ee8e56994f02db0df5dbd5179a8dd0d613f

  • SSDEEP

    49152:gkQijf+30i0z28t/ufbluz5FANupcvRYc8LgrwK19H8yXhQkMx7Rbw4i:gE7+32szS6guRYewK19H7MDW

  Score

  10^/10

  redlinezgratottolivediscoveryinfostealerpersistenceratspywarestealer

  • Detect ZGRat V1

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2behavioral3