General

  • Target: 7e6579e0448f5e055cc45805f71a2ab3a0de62f779a20684f25f2a6f1d07166e
  • Size: 483KB
  • Sample: 240308-1ypb8agh37
  • MD5: 0f451f781771cc02b1753e5c8ec47778
  • SHA1: d2019bbbddb88b8e643cb69c53897b169656f4af
  • SHA256: 7e6579e0448f5e055cc45805f71a2ab3a0de62f779a20684f25f2a6f1d07166e
  • SHA512: 2f149a4bfc4fe5a768e0faebd54be8c7f220890c7191f08b9a090fa7532e53c84e7a75b404ca1f4a84af0cf26310d6958a026d5c3cca10b74a9f3098f00decce
  • SSDEEP: 12288:n3IU8S6eUd5539WK3Is/I/v6vyV3L2Ounxp:3ItSAd5C6Ua2N4

Malware Config

Extracted

  • Family: redline
  • Botnet: cheat
  • C2: 185.222.58.113:55615

Targets

    • Detect ZGRat V1

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

  • Execution: Scheduled Task/Job, T1053 (1)
  • Persistence: Scheduled Task/Job, T1053 (1)
  • Privilege Escalation: Scheduled Task/Job, T1053 (1)
  • Discovery: Query Registry, T1012 (1)
  • Discovery: System Information Discovery, T1082 (2)
