General
-
Target
34c0a386e4a80eda74f0646b87943e6f.bin
-
Size
160KB
-
Sample
231223-bpzzxsgce2
-
MD5
3a3336854da02d486e43b17769a30ebc
-
SHA1
226b6f2f33af35926436bde2808268bd9e0ab2d5
-
SHA256
71ad92a1511f76cdc11863c22acd6d2046524b9d0279bb7235de5eaa1cf0759a
-
SHA512
088efc2511f1229beba9ca68838ab04e38e0bebfd7e3baebed750319547c5208c4f05bdd519682e3463a911c704ec91df9c4c3e8c177c11150ca3fe1d5fc754b
-
SSDEEP
3072:YBLCpZDbFfbFU54JQ+dXY10GPLarWDKkORkRfoqguyakeoYRXeaK:9pZvFk4JBKLarWmk3mWYeogex
Malware Config
Extracted
smokeloader
pub1
Extracted
smokeloader
2020
http://host-file-host6.com/
http://host-host-file8.com/
Extracted
redline
@ytlogsbot
195.20.16.190:38173
Targets
-
-
Target
a119e29e28a305d1333be5415f8b59c3bd958c2287e098a5b9d054c19459ae82.exe
-
Size
267KB
-
MD5
34c0a386e4a80eda74f0646b87943e6f
-
SHA1
af2244495eae1a491c50b95031c938dd2d4710ea
-
SHA256
a119e29e28a305d1333be5415f8b59c3bd958c2287e098a5b9d054c19459ae82
-
SHA512
35d8088b7d8c048deb0282e9f08716bf1cf2a1c8a5b109e727ade3c09b43866b6b7b168a10cf3913c0b94f54b7410a4c089558c717a39e72e501213812adc1fd
-
SSDEEP
6144:TbJLAxaHC3Q/QkZ6IKzjuPWLLc0R75JFNs:RMxeCo9Z6ruPYA0RHF
Score10/10-
Detect ZGRat V1
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Downloads MZ/PE file
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-