General
-
Target
YE.jpg
-
Size
1.9MB
-
Sample
240304-h3sw4acf8v
-
MD5
db00d76d920d8d9e1a01a0d278d64f0f
-
SHA1
321535469be98ff53be76621c10027ab0d14bc15
-
SHA256
806fb0b10366bb1923a9d4e4545ab76d589a1848eb758c978bc349ca86b22c54
-
SHA512
86950248bed2ad1199d9ded6f74318fe86ee52af99b420dff9101839c9757f816b7629b251fcd867078082a3db48deeb8a1925b2ef73dd0ebae646bac4a62676
-
SSDEEP
49152:pzMD+O974EJW3DyQFXC2p1WuO9WYFNmPR4X50IepawQWAs:pzMDXCiQXFhytNwc50pawQG
Malware Config
Extracted
redline
gg
67.203.7.148:2909
Targets
-
-
Target
YE.jpg
-
Size
1.9MB
-
MD5
db00d76d920d8d9e1a01a0d278d64f0f
-
SHA1
321535469be98ff53be76621c10027ab0d14bc15
-
SHA256
806fb0b10366bb1923a9d4e4545ab76d589a1848eb758c978bc349ca86b22c54
-
SHA512
86950248bed2ad1199d9ded6f74318fe86ee52af99b420dff9101839c9757f816b7629b251fcd867078082a3db48deeb8a1925b2ef73dd0ebae646bac4a62676
-
SSDEEP
49152:pzMD+O974EJW3DyQFXC2p1WuO9WYFNmPR4X50IepawQWAs:pzMDXCiQXFhytNwc50pawQG
Score10/10-
BlackNET
BlackNET is an open source remote access tool written in VB.NET.
-
BlackNET payload
-
Contains code to disable Windows Defender
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
-
Detect ZGRat V1
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Contacts a large (2353) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Executes dropped EXE
-
Modifies file permissions
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-