General
-
Target
ExCheats Loader.exe
-
Size
454KB
-
Sample
240420-c5p1bsfb8x
-
MD5
b7f76ced093ca9f03e791a1aeb35ed16
-
SHA1
ad59e7878fe7c94341ee5dad7b3950d168d5a97b
-
SHA256
d49a64853d7fdb5d663df0941d5488cd6e080c07ea46f31a0326e2e0ab34f765
-
SHA512
23fd42c33e514c2f21d4ea7fa40c7d3bd94da1fb7bad693e9e3d080310e793b82f35eea8912f7c1619e4705cf4976f892d87955e5e9c7a95d80bf6e8f888a1a2
-
SSDEEP
6144:ejo7W76rH+prJpH0AY3DYu+e3i27figCzqIU6vdpgRNmeBKZ4cyox1ZS/n4FPCKv:ez76rH+prJpUpYRlq2ejIZNDE/8PfeE
Static task
static1
Behavioral task
behavioral1
Sample
ExCheats Loader.exe
Resource
win7-20240221-en
Malware Config
Targets
-
-
Target
ExCheats Loader.exe
-
Size
454KB
-
MD5
b7f76ced093ca9f03e791a1aeb35ed16
-
SHA1
ad59e7878fe7c94341ee5dad7b3950d168d5a97b
-
SHA256
d49a64853d7fdb5d663df0941d5488cd6e080c07ea46f31a0326e2e0ab34f765
-
SHA512
23fd42c33e514c2f21d4ea7fa40c7d3bd94da1fb7bad693e9e3d080310e793b82f35eea8912f7c1619e4705cf4976f892d87955e5e9c7a95d80bf6e8f888a1a2
-
SSDEEP
6144:ejo7W76rH+prJpH0AY3DYu+e3i27figCzqIU6vdpgRNmeBKZ4cyox1ZS/n4FPCKv:ez76rH+prJpUpYRlq2ejIZNDE/8PfeE
-
Detect ZGRat V1
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-