General

  • Target

    OwnHack.exe

  • Size

    688KB

  • Sample

    240407-v5ylkshh8t

  • MD5

    488ec59553c1539a546d1ebee3de7d4b

  • SHA1

    d35e335a1e43e8944b52045da32a6ca417d0d195

  • SHA256

    dd218871bd172dde1d3912cc1a0dede58f383e1fc4301ab3adbb7f580f3b5411

  • SHA512

    2ee61c7e77fb64ab35a8c768802a9ff1873a8d7dc31b1297fe0ae4d9ad64f095e7fa8bcde8c6bae0c2ed44021303e1def1633582608825f8a8c666d0838e8bb6

  • SSDEEP

    12288:Lqc1JzU2Rji0bevdVn5h8D8crv1xg4QifXADNOHohdAg06H0E+:L9z3+BrnkD8AEoHohdN0++
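The digests above are the report's file identifiers. As an added example (not part of the report or of the sandbox that produced it), the following Python checks a file, or a whole directory tree, against them in a single pass over the data. Only the hash values are taken from the report; the function names and the 'match/partial/no-match' verdicts are the example's own. SSDEEP is left out because hashlib has no implementation of it.

```python
"""Check a file on disk against the hashes recorded in the report.

Added example, not part of the report or the sandbox. Uses only the digests
printed above; SSDEEP is omitted because hashlib does not implement it.
"""
import hashlib
import os

# Digests copied from the report above (lowercase hex).
REPORT_HASHES = {
    "md5": "488ec59553c1539a546d1ebee3de7d4b",
    "sha1": "d35e335a1e43e8944b52045da32a6ca417d0d195",
    "sha256": "dd218871bd172dde1d3912cc1a0dede58f383e1fc4301ab3adbb7f580f3b5411",
    "sha512": "2ee61c7e77fb64ab35a8c768802a9ff1873a8d7dc31b1297fe0ae4d9ad64f095e7fa8bcde8c6bae0c2ed44021303e1def1633582608825f8a8c666d0838e8bb6",
}


def hash_stream(fileobj, algorithms=REPORT_HASHES, chunk_size=1 << 20):
    """Compute every listed digest in one pass over a binary file object."""
    hashers = {algo: hashlib.new(algo) for algo in algorithms}
    for chunk in iter(lambda: fileobj.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def hash_bytes(data, algorithms=REPORT_HASHES):
    """Same digests for an in-memory buffer (handy for tests and small samples)."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in algorithms}


def hash_file(path, algorithms=REPORT_HASHES):
    with open(path, "rb") as f:
        return hash_stream(f, algorithms)


def compare(digests, report=REPORT_HASHES):
    """Per-algorithm match flags; comparison is case-insensitive."""
    return {algo: digests.get(algo, "").lower() == expected.lower()
            for algo, expected in report.items()}


def verdict(digests, report=REPORT_HASHES):
    """'match' if every digest agrees, 'no-match' if none does, 'partial' otherwise.

    A partial result is never 'close enough': it means a transcription error in
    the IOC list (or, far less likely, a collision) and should be investigated.
    """
    flags = compare(digests, report)
    if all(flags.values()):
        return "match"
    if not any(flags.values()):
        return "no-match"
    return "partial"


def scan_directory(root, report=REPORT_HASHES):
    """Yield (path, verdict) for every readable file under root that is not 'no-match'."""
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                v = verdict(hash_file(path, report), report)
            except OSError:
                continue  # unreadable or vanished file; skip rather than abort the scan
            if v != "no-match":
                yield path, v


if __name__ == "__main__":
    import sys
    for path, v in scan_directory(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(v, path)
```

Run it as `python check_hashes.py <directory>` to list any file whose digests agree with the report. Comparing all four algorithms rather than MD5 alone costs nothing extra (the file is read once) and makes a copy-paste error in any single hash visible as a 'partial' verdict.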

Malware Config

Targets

    • Target

      OwnHack.exe


    • Detect ZGRat V1

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Reads user/profile data of web browsers

      Infostealers routinely read stored browser data such as saved credentials, cookies, autofill entries and session tokens.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

      Overwriting another thread's context is the usual final step of process hollowing and similar injection: a payload is written into a suspended process, the thread's instruction pointer is redirected to it, and the thread is resumed.
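The signatures above are what the sandbox infers from the sample's API activity. The following is an added example, not the sandbox's detection code and not taken from the report: a small matcher that re-derives the four behavioural signatures from a constructed, simplified API trace. The `process|api|argument` line format and every line of the trace are invented for the example; the paths it looks for are the usual infostealer targets (Chromium "Login Data" and "Cookies", Firefox logins.json, Exodus and Electrum wallet directories, the HKLM ...\Uninstall key), and the CreateProcess(CREATE_SUSPENDED) / WriteProcessMemory / SetThreadContext / ResumeThread chain is the context in which SetThreadContext is normally flagged.

```python
"""Re-derive the report's behavioural signatures from a simplified API trace.

Added example, not part of the sandbox or the report. The trace format
(process|api|argument) and every line of SAMPLE_TRACE are constructed.
"""
import re
from collections import defaultdict

# Constructed sample trace (NOT sandbox output): one API call per line.
SAMPLE_TRACE = r"""
OwnHack.exe|RegOpenKeyExW|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
OwnHack.exe|RegEnumKeyExW|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
OwnHack.exe|NtCreateFile|C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data
OwnHack.exe|NtCreateFile|C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
OwnHack.exe|NtCreateFile|C:\Users\victim\AppData\Roaming\Mozilla\Firefox\Profiles\abc.default\logins.json
OwnHack.exe|NtCreateFile|C:\Users\victim\AppData\Roaming\Exodus\exodus.wallet\seed.seco
OwnHack.exe|NtCreateFile|C:\Users\victim\AppData\Roaming\Electrum\wallets\default_wallet
OwnHack.exe|CreateProcessW|pid:4120 (CREATE_SUSPENDED)
OwnHack.exe|WriteProcessMemory|pid:4120
OwnHack.exe|SetThreadContext|pid:4120
OwnHack.exe|ResumeThread|pid:4120
explorer.exe|RegOpenKeyExW|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
explorer.exe|NtCreateFile|C:\Users\victim\Documents\notes.txt
"""

# Single-call rules: (api regex, argument regex, signature name as in the report).
CALL_RULES = [
    (r"^Reg(Open|Enum|Query)", r"\\CurrentVersion\\Uninstall(\\|$)",
     "Checks installed software on the system"),
    (r"^NtCreateFile$", r"\\User Data\\.*\\(Login Data|Cookies|Web Data)$",
     "Reads user/profile data of web browsers"),
    (r"^NtCreateFile$", r"\\Firefox\\Profiles\\.*\\(logins\.json|key4\.db|cookies\.sqlite)$",
     "Reads user/profile data of web browsers"),
    (r"^NtCreateFile$", r"\\(Exodus|Electrum|Bitcoin|Ethereum|Atomic)\\|wallet\.dat$",
     "Accesses cryptocurrency files/wallets, possible credential harvesting"),
]

# Ordered-sequence rule: the classic suspended-process injection chain.
INJECTION_SEQUENCE = ("CreateProcessW", "WriteProcessMemory", "SetThreadContext", "ResumeThread")
INJECTION_SIG = "Suspicious use of SetThreadContext"


def parse_trace(text):
    """Yield (process, api, argument) tuples, skipping blank or malformed lines."""
    for line in text.strip().splitlines():
        parts = line.split("|", 2)
        if len(parts) == 3:
            yield tuple(parts)


def contains_in_order(calls, sequence):
    """True if `sequence` occurs in `calls` as an ordered, not necessarily contiguous, subsequence."""
    it = iter(calls)
    return all(any(call == wanted for call in it) for wanted in sequence)


def analyze(trace_text):
    """Return {process: set of signature names} for every process seen in the trace."""
    hits = defaultdict(set)
    calls_by_proc = defaultdict(list)
    for proc, api, arg in parse_trace(trace_text):
        calls_by_proc[proc].append(api)
        for api_re, arg_re, sig in CALL_RULES:
            if re.match(api_re, api) and re.search(arg_re, arg, re.IGNORECASE):
                hits[proc].add(sig)
    # Sequence rules are evaluated per process once all its calls are known.
    for proc, calls in calls_by_proc.items():
        if contains_in_order(calls, INJECTION_SEQUENCE):
            hits[proc].add(INJECTION_SIG)
    return {proc: hits[proc] for proc in calls_by_proc}


if __name__ == "__main__":
    for proc, sigs in analyze(SAMPLE_TRACE).items():
        print(proc, sorted(sigs))
```

Note that explorer.exe also trips the "Checks installed software" rule: enumerating the Uninstall key is routine for installers and inventory tools, so that signature alone is a weak indicator, and it is the combination with browser credential stores, wallet files and the injection chain in one process that makes the verdict. The sequence rule keys on the calling process only; a stricter version would also require the WriteProcessMemory, SetThreadContext and ResumeThread arguments to name the same target pid.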

MITRE ATT&CK Enterprise v15

Tasks