General
-
Target
af7b1b85eb27c4265510407e7c20e825fe25da44179e4e98dfa179db50a4e3ed
-
Size
467KB
-
Sample
231227-ra63paefa8
-
MD5
604536863bc0e936d4311b088f4e0bd0
-
SHA1
4ce0a11eceab65fcb701c72c328bf77a3374fe8d
-
SHA256
af7b1b85eb27c4265510407e7c20e825fe25da44179e4e98dfa179db50a4e3ed
-
SHA512
6959b9f44c0f74ee3da631986c874253f19d169a8629320e373268869e7a75d213c30c4b874fd15747f2e15fbf6d34961a85f0fff348789709d4df5471957b65
-
SSDEEP
6144:xQrMgcLXEr8XWBjiVcKRv+JpMtuYgza3PQNx7e6QY9YoM02nwHypVf3qho8ICNcZ:S4DXEr8X8MbYpsu37p9e2M6howNkFB
Malware Config
Extracted
redline
@cham1ng
45.15.156.167:80
Targets
-
-
Target
af7b1b85eb27c4265510407e7c20e825fe25da44179e4e98dfa179db50a4e3ed
-
Size
467KB
-
MD5
604536863bc0e936d4311b088f4e0bd0
-
SHA1
4ce0a11eceab65fcb701c72c328bf77a3374fe8d
-
SHA256
af7b1b85eb27c4265510407e7c20e825fe25da44179e4e98dfa179db50a4e3ed
-
SHA512
6959b9f44c0f74ee3da631986c874253f19d169a8629320e373268869e7a75d213c30c4b874fd15747f2e15fbf6d34961a85f0fff348789709d4df5471957b65
-
SSDEEP
6144:xQrMgcLXEr8XWBjiVcKRv+JpMtuYgza3PQNx7e6QY9YoM02nwHypVf3qho8ICNcZ:S4DXEr8X8MbYpsu37p9e2M6howNkFB
Score10/10-
Detect ZGRat V1
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-