General

  • Target

    2b6d7f851db5cd7965b0f7cad998dcfc12702ecd42fddbe4062f6dde07b49c00

  • Size

    697KB

  • Sample

    240101-fgbpksbggp

  • MD5

    fa5b5185d1bc3f18172cc45d57a90352

  • SHA1

    17d480fb1368ff4f1abdaeb0ed3c8198801d13fb

  • SHA256

    2b6d7f851db5cd7965b0f7cad998dcfc12702ecd42fddbe4062f6dde07b49c00

  • SHA512

    37cedae765bfdb0bddf9d8b12759299a51f89cbc7afb90201638cc327f3d5ad7d0aefe058b49d5c2db9d49ee898581aba87bdeeb85928fcc91e93a0689ed7f32

  • SSDEEP

    12288:SNMn7zyhiWxYY+/w12mSavVyR26ip+SJDFWiemTPDGIdG:SNMn7mhiUY4yliXgiemTt

Malware Config

Extracted

Family

redline

Botnet

LiveTraffic

C2

20.79.30.95:13856

Targets

    • Target

      2b6d7f851db5cd7965b0f7cad998dcfc12702ecd42fddbe4062f6dde07b49c00

    • Size

      697KB

    • MD5

      fa5b5185d1bc3f18172cc45d57a90352

    • SHA1

      17d480fb1368ff4f1abdaeb0ed3c8198801d13fb

    • SHA256

      2b6d7f851db5cd7965b0f7cad998dcfc12702ecd42fddbe4062f6dde07b49c00

    • SHA512

      37cedae765bfdb0bddf9d8b12759299a51f89cbc7afb90201638cc327f3d5ad7d0aefe058b49d5c2db9d49ee898581aba87bdeeb85928fcc91e93a0689ed7f32

    • SSDEEP

      12288:SNMn7zyhiWxYY+/w12mSavVyR26ip+SJDFWiemTPDGIdG:SNMn7mhiUY4yliXgiemTt

    • Detect ZGRat V1

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks