General

  • Target

    e94abe514202de0a3e24c0f45ccea8a6.bin

  • Size

    7.0MB

  • Sample

    240208-eatfdacga9

  • MD5

    2a0aeb791aab76497f60d9a8b9a98075

  • SHA1

    ad9d81c282e492a88d2f12887cca62faa32a3797

  • SHA256

    ee0e233335ea23dec38ffa3da3984859611606bf4ce1581701bd2c5bebe06f90

  • SHA512

    7f384859f2cb77c5aaf7a3b47f2fe4f371159a3c3e7cd333debb3073776c6cc1eef123e16e0a26d9b5564adcbdda86a5e65dd5f553f7c07cb4922368696d6456

  • SSDEEP

    196608:YaFYJca48X2aGYglFaF1qjsrKQ8A4Vcu5rynVv+P:PwBnsMF1m2Krev+

Malware Config

Targets

    • Target

      c11314504d04b9714c1c3992ca673486a5c8ac96b60fbc892b2f94204296b606.exe

    • Size

      12.1MB

    • MD5

      e94abe514202de0a3e24c0f45ccea8a6

    • SHA1

      27770fa35ea2ca6e1cd87f669e21f5e29cfaa381

    • SHA256

      c11314504d04b9714c1c3992ca673486a5c8ac96b60fbc892b2f94204296b606

    • SHA512

      1fe72a35e6e0da642c42848d5009538ab97d5e833466abd25f2aa03e96f8b637a2a9a30054c8ebdf4cdf80570e39f387c9b6a535105a3e9b36b846570114c0d3

    • SSDEEP

      196608:bI14Cek0gfc3haxZH+fiE1jlKkbSPSvFWuFBGFV42uL7e:bKekhfcuZH+XKgHFW+BGFVE7e

    • Detect ZGRat V1

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++, first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks