General

  • Target

    3c9da20ad78d24df53b661b7129959e0

  • Size

    412KB

  • Sample

    240123-bsgbzsfcf8

  • MD5

    3c9da20ad78d24df53b661b7129959e0

  • SHA1

    e7956e819cc1d2abafb2228a10cf22b9391fb611

  • SHA256

    2fd37ed834b6cd3747f1017ee09b3f97170245f59f9f2ed37c15b62580623319

  • SHA512

    1a02da1652a2c00df33eceda0706adebb5a5f1c3c05e30a09857c94d2fbb93e570f768af5d6648d3a5d11eea3b5c4b1ceb9393fc05248f1eefd96e17f3bbe1b4

  • SSDEEP

    12288:eDmrLy4dMMrASo/n7zUvOTdlzAarl6LmH6RPz5N:um9MMo7zUKdlzlJ62qPP

Malware Config

Targets

    • Target

      3c9da20ad78d24df53b661b7129959e0

    • Size

      412KB

    • MD5

      3c9da20ad78d24df53b661b7129959e0

    • SHA1

      e7956e819cc1d2abafb2228a10cf22b9391fb611

    • SHA256

      2fd37ed834b6cd3747f1017ee09b3f97170245f59f9f2ed37c15b62580623319

    • SHA512

      1a02da1652a2c00df33eceda0706adebb5a5f1c3c05e30a09857c94d2fbb93e570f768af5d6648d3a5d11eea3b5c4b1ceb9393fc05248f1eefd96e17f3bbe1b4

    • SSDEEP

      12288:eDmrLy4dMMrASo/n7zUvOTdlzAarl6LmH6RPz5N:um9MMo7zUKdlzlJ62qPP

    • Detect ZGRat V1

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • ZGRat

      ZGRat is remote access trojan written in C#.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks