redline

General

Target

А u r o r a X.zip
Size

8.0MB
Sample

240311-f3blpsdb5s
MD5

fc67cd23a0ff0542a9b1461720441876
SHA1

5d6e1ef27f479a48b4c7f8ee879360399454ba19
SHA256

659cfe7e0d80eacc56a9345d3b77efb9ae6ee2a493f0e0817eda0c134b5bdd73
SHA512

ab1d280c43d22cba76f0124793233fb9dc44748456cf36720fe32b00694b5ac977d16a78a90bcfc63dc66ff5b19c991b146221485a9db0c25f1906165e9a3b7b
SSDEEP

196608:u6AU8yhpW/1Ntg1IcxYVcV4w3bxtrcXD0fCyjBTe/i99eC0mC:PAKhpW/1YI4YVcRH4XDi5Te/oYmC

Score

10^/10

Malware Config

Targets

- Target
  
  A u r o r а/scripts/scripts.dll
- Size
  
  18.7MB
- MD5
  
  88fd7dbf04bcf75123d02009aea3f7f7
- SHA1
  
  cecf16bdad71e54afc941179ea2b7438a04efa1d
- SHA256
  
  01481b9a862936fbc090bda4033f22d7ffa5a7bfe5dc32f47c7794332b34eec4
- SHA512
  
  2c6298b5adf91b51f0042d48e0846f5b196d52a588fd4fc577bf19ec26ad8e547382279a15f8bf131b08b0d7c140534aff25f82d5e8998818b812e72c9493917
- SSDEEP
  
  393216:hqA/D2IIyzg8DolBo6i0KoI6Di42sC1/syU3DXNs6hq8:hqcaZyV0fC1JOpjhq8
Score

1^/10
behavioral1
- Target
  
  A u r o r а/А u r o r a.exe
- Size
  
  691KB
- MD5
  
  aab70c1a8440191120575cbbba6c2150
- SHA1
  
  a31aa44bd9e8b21220c205982fc86c2a3d6b9592
- SHA256
  
  9ac92a2e58c5d0230e8b3f0d6793e2bacd85a75f8302a713838d7a0f51427da7
- SHA512
  
  b5992dbde85cb23f0c4fb8df0becc56d0fdd7336b0745080750a3518c31491919e0342eaaa9e152cfe7ac12381d6c48b86c12bb0eeba961112936a16eb6301d5
- SSDEEP
  
  12288:WNH0hgTBscR7Dyzk/Yv/0fSk2VlxOUETL54h5jYg9uTVHZ4CiyBq9PC9bjErs:WNH0hg7lDrAvdVlxzR9U2vyBSMkr
Score

10^/10

redline zgrat discovery infostealer rat spyware stealer
- Detect ZGRat V1
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral2