Extracted

• • Target

    file.exe

  • Size

    498KB

  • MD5

    b2f3f214e959043b7a6b623b82c95946

  • SHA1

    4924ee55c541809f9ba20fd508f2dd98168ffdc7

  • SHA256

    73858a7bbfbc90c05f17abda15758e362f59be5bf440b3dab4b3f0bb8ad44d29

  • SHA512

    c22d3f4e9cf3615034c6a6657e6b1773cb37cec983a87c61b0d0414dad15baa1fbf53e77b4049e9ab3f0a13070b21bb82c523bfa95787035c35a4b38f1b77e67

  • SSDEEP

    12288:ZfeHgDnKkMkMwQ4US85qU6aFRlrF+MxUM+sELH:8AbFdtN8d6rMxt+xH

  Score

  10^/10

  redlinezgratlivetrafficdiscoveryinfostealerratspywarestealer

  • Detect ZGRat V1

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2