General

  • Target: file.exe
  • Size: 498KB
  • Sample: 240125-xm2xdsebbp
  • MD5: b2f3f214e959043b7a6b623b82c95946
  • SHA1: 4924ee55c541809f9ba20fd508f2dd98168ffdc7
  • SHA256: 73858a7bbfbc90c05f17abda15758e362f59be5bf440b3dab4b3f0bb8ad44d29
  • SHA512: c22d3f4e9cf3615034c6a6657e6b1773cb37cec983a87c61b0d0414dad15baa1fbf53e77b4049e9ab3f0a13070b21bb82c523bfa95787035c35a4b38f1b77e67
  • SSDEEP: 12288:ZfeHgDnKkMkMwQ4US85qU6aFRlrF+MxUM+sELH:8AbFdtN8d6rMxt+xH

Malware Config (extracted)

  • Family: redline
  • Botnet: LiveTraffic
  • C2: 20.79.30.95:33223

Targets

  • Target: file.exe
  • Size: 498KB (hashes as listed under General above)

  Signatures:

  • Detect ZGRat V1
  • RedLine
    RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  • RedLine payload
  • ZGRat
    ZGRat is a remote access trojan written in C#.
  • Reads user/profile data of web browsers
    Infostealers often target stored browser data, which can include saved credentials and other sensitive information.
  • Accesses cryptocurrency files/wallets, possible credential harvesting
  • Checks installed software on the system
    Looks up Uninstall key entries in the registry to enumerate software on the system.
  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

  • Credential Access
    • Unsecured Credentials, T1552 (2)
    • Credentials In Files, T1552.001 (2)
  • Discovery
    • Query Registry, T1012 (1)
  • Collection
    • Data from Local System, T1005 (2)

Tasks