Overview

overview

10

Static

static

3

ExCheats Loader.exe

windows7-x64

10

ExCheats Loader.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ExCheats Loader.exe

  • Size

    454KB

  • Sample

    240420-c5p1bsfb8x

  • MD5

    b7f76ced093ca9f03e791a1aeb35ed16

  • SHA1

    ad59e7878fe7c94341ee5dad7b3950d168d5a97b

  • SHA256

    d49a64853d7fdb5d663df0941d5488cd6e080c07ea46f31a0326e2e0ab34f765

  • SHA512

    23fd42c33e514c2f21d4ea7fa40c7d3bd94da1fb7bad693e9e3d080310e793b82f35eea8912f7c1619e4705cf4976f892d87955e5e9c7a95d80bf6e8f888a1a2

  • SSDEEP

    6144:ejo7W76rH+prJpH0AY3DYu+e3i27figCzqIU6vdpgRNmeBKZ4cyox1ZS/n4FPCKv:ez76rH+prJpUpYRlq2ejIZNDE/8PfeE

Score
10/10
redlinezgratdiscoveryinfostealerratspywarestealer

Malware Config

Targets

    • Target

      ExCheats Loader.exe

    • Size

      454KB

    • MD5

      b7f76ced093ca9f03e791a1aeb35ed16

    • SHA1

      ad59e7878fe7c94341ee5dad7b3950d168d5a97b

    • SHA256

      d49a64853d7fdb5d663df0941d5488cd6e080c07ea46f31a0326e2e0ab34f765

    • SHA512

      23fd42c33e514c2f21d4ea7fa40c7d3bd94da1fb7bad693e9e3d080310e793b82f35eea8912f7c1619e4705cf4976f892d87955e5e9c7a95d80bf6e8f888a1a2

    • SSDEEP

      6144:ejo7W76rH+prJpH0AY3DYu+e3i27figCzqIU6vdpgRNmeBKZ4cyox1ZS/n4FPCKv:ez76rH+prJpUpYRlq2ejIZNDE/8PfeE

    Score
    10/10
    redlinezgratinfostealerratdiscoveryspywarestealer

    • Detect ZGRat V1

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2
T1552

Credentials In Files

2
T1552.001

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks