redline

Sharing

Copy URL

Twitter E-mail

General

Target

External v_4.39.rar
Size

114.5MB
Sample

240420-m8wmdsff4t
MD5

08183a4a599924e8dc346f9c61701c5a
SHA1

2f5de812fec1b7ff2756f803ddffe9fe72d0bcc5
SHA256

6fc494a717e1d8ca843578c7c19a27e4403eea0859393fda256d281cfa6f9535
SHA512

bfe9a9291e6ad9f3218e91d81025fbb18027c3d0a46051cca6ee7768d70609379afdc50e47f51b9e4dc1a39fc6f7b3a2b397a3031ba758178f446c780ee3f727
SSDEEP

3145728:AcFaq8sV/NF+MvuUammTdik53jFloG/BPU58+:HrV/NZYdX53JVBPUz

Score

10^/10

Malware Config

Targets

- Target
  
  ExCheats Loader.exe
- Size
  
  454KB
- MD5
  
  b7f76ced093ca9f03e791a1aeb35ed16
- SHA1
  
  ad59e7878fe7c94341ee5dad7b3950d168d5a97b
- SHA256
  
  d49a64853d7fdb5d663df0941d5488cd6e080c07ea46f31a0326e2e0ab34f765
- SHA512
  
  23fd42c33e514c2f21d4ea7fa40c7d3bd94da1fb7bad693e9e3d080310e793b82f35eea8912f7c1619e4705cf4976f892d87955e5e9c7a95d80bf6e8f888a1a2
- SSDEEP
  
  6144:ejo7W76rH+prJpH0AY3DYu+e3i27figCzqIU6vdpgRNmeBKZ4cyox1ZS/n4FPCKv:ez76rH+prJpUpYRlq2ejIZNDE/8PfeE
Score

10^/10

redline zgrat discovery infostealer persistence rat spyware stealer
- Detect ZGRat V1
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Registers COM server for autorun
  persistence
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1
- Target
  
  jre/Welcome.html
- Size
  
  983B
- MD5
  
  3cb773cb396842a7a43ad4868a23abe5
- SHA1
  
  ace737f039535c817d867281190ca12f8b4d4b75
- SHA256
  
  f450aee7e8fe14512d5a4b445aa5973e202f9ed1e122a8843e4dc2d4421015f0
- SHA512
  
  6058103b7446b61613071c639581f51718c12a9e7b6abd3cf3047a3093c2e54b2d9674faf9443570a3bb141f839e03067301ff35422eb9097bd08020e0dd08a4
Score

1^/10
behavioral2
- Target
  
  jre/bin/JAWTAccessBridge-32.dll
- Size
  
  14KB
- MD5
  
  d63933f4e279a140cc2a941ccff38348
- SHA1
  
  75169be2e9bcfe20674d72d43ca6e2bc4a5a9382
- SHA256
  
  532d049e0d7a265754902c23b0f150d665a78a3d6fe09ad51c9be8c29d574a3d
- SHA512
  
  d7a5023a5eb9b0c3b2ad6f55696a166f07fa60f9d1a12d186b23aaaacc92ef948cb5dffa013afc90c4bbe3de077d591185902384f677d0bae2ff7cfd5db5e06c
- SSDEEP
  
  192:7pQMhM63XLPVT6MsMPapRuBUEp7nYe+PjPriT0fwtK:7muL7PV4aapRuBTp7nYPLr7J
Score

1^/10
behavioral3
- Target
  
  jre/bin/JAWTAccessBridge.dll
- Size
  
  14KB
- MD5
  
  b4eb9b43c293074406adca93681bf663
- SHA1
  
  16580fb7139d06a740f30d34770598391b70ac96
- SHA256
  
  8cd69af7171f24d57cf1e6d0d7acd2b35b4ea5fdf55105771141876a67917c52
- SHA512
  
  a4e999e162b5083b6c6c3eafee4d84d1ec1c61dca6425f849f352ffdccc2e44dfee0625c210a8026f9ff141409eebf9ef15a779b26f59b88e74b6a2ce2e82ef9
- SSDEEP
  
  192:0Usw4DPU3XLPVT6GsKOhWIutUinYe+PjPriT0fwyI8:ew7PVIKyWIutDnYPLr728
Score

1^/10
behavioral4
- Target
  
  jre/bin/JavaAccessBridge-32.dll
- Size
  
  125KB
- MD5
  
  2f808ed0642bd5cf8d4111e0af098bbb
- SHA1
  
  006163a07052f3d227c2e541691691b4567f5550
- SHA256
  
  61dfb6126eba8d5429f156eaab24ff30312580b0abe4009670f1dd0bc64f87bb
- SHA512
  
  27dbda3a922747a031ff7434de5a596725ff5ae2bc6dd83d6d5565eb2ba180b0516896323294459997b545c60c9e06da6c2d8dd462a348a6759a404db0f023a7
- SSDEEP
  
  3072:uN77TJSG78+5Orcj5K/e2Hrgc6kZAn1yEkBKMKy1Zf22QYHJiuzTl8ShzzM+64mn:uNXd178+5fJZnQLo
Score

1^/10
behavioral5
- Target
  
  jre/bin/JavaAccessBridge.dll
- Size
  
  124KB
- MD5
  
  c3ded5f41e28faf89338fb46382e4c3e
- SHA1
  
  6f77920776d39550355b146d672c199a3941f908
- SHA256
  
  4691603dfabe6d7b7beac887dadc0e96243c2ff4f9a88ce3793e93356c53aa08
- SHA512
  
  23621f2856899f40cfa9858dc277372bfe39f0205377543eb23e94422d479a53fdf664f4a9a4515c2285811f01d91ab64a834a03a4d3ab0cb7d78f8af11135ff
- SSDEEP
  
  3072:SdQ4jWJt4XChlFavveKSQ4gHK/e2Hrgc6kZAn1y1koKMKy1Zf22QYHJiuzTl8ShM:Sy4SJ1TFavvehc7ZnwEr
Score

1^/10
behavioral6
- Target
  
  jre/bin/WindowsAccessBridge-32.dll
- Size
  
  95KB
- MD5
  
  f78d2bf2c551be9df6a2f3210a2964c1
- SHA1
  
  b6a4160eca4c0d0552234ff69bcfdf45f0a2a352
- SHA256
  
  9d18e5421a8606985fa54d7cea921d1b8930358a2e4cdf5fdf2a8b3e4d857288
- SHA512
  
  aac8622683be57518f8b03198a03bf1f760e082692c1fb6252e96cdba19d3ceb0a6786ccbd7b98830e865297308fa99dbbea464e41041abdda18aeb862ba993f
- SSDEEP
  
  1536:/fHGbDtpt+WfGegcX30EJ4YHiYmRkgAPe+GP8uWg1kQOPt:/w2WfGe/30EWbY4Z+GpWuHOPt
Score

3^/10
behavioral7
- Target
  
  jre/bin/WindowsAccessBridge.dll
- Size
  
  93KB
- MD5
  
  e5a6231fe1e6fec5f547dfd845d209bc
- SHA1
  
  3f21f90ecc377b6099637d5b59593d2415450d45
- SHA256
  
  51355ea8a7dc238483c8069361776103779ce9fe3cd0267770e321e6e4368366
- SHA512
  
  d5d20df0089f3217b627d39abd57c61e026d0dc537022fb698f85fa6893c7fa348c40295deec78506f0ef608827d39e2f6f3538818ba25e2a0ee1145fcc95940
- SSDEEP
  
  1536:EHSB4i2hJwZaDEoDVzkhbyJCAqn9nV+1vkJnHBoY8BK5Hj:EJJwZWEoDVYby81yiBovkHj
Score

3^/10
behavioral8
- Target
  
  jre/bin/awt.dll
- Size
  
  1.1MB
- MD5
  
  159ccf1200c422ced5407fed35f7e37d
- SHA1
  
  177a216b71c9902e254c0a9908fcb46e8d5801a9
- SHA256
  
  30eb581c99c8bcbc54012aa5e6084b6ef4fcee5d9968e9cc51f5734449e1ff49
- SHA512
  
  ab3f4e3851313391b5b8055e4d526963c38c4403fa74fb70750cc6a2d5108e63a0e600978fa14a7201c48e1afd718a1c6823d091c90d77b17562b7a4c8c40365
- SSDEEP
  
  24576:68M4H6ioDs5FELnSbY6Ck2IlAnVCXQlFg3:9eaGnkXQlFQ
Score

1^/10
behavioral9
- Target
  
  jre/bin/bci.dll
- Size
  
  15KB
- MD5
  
  a46289384f76c2a41ba7251459849288
- SHA1
  
  4d8ef96edbe07c8722fa24e4a5b96ebfa18be2c4
- SHA256
  
  728d64bc1fbf48d4968b1b93893f1b5db88b052ab82202c6840bf7886a64017d
- SHA512
  
  34d62beb1fa7d8630f5562c1e48839ce9429faea980561e58076df5f19755761454eeb882790ec1035c64c654fc1a8cd5eb46eca12e2bc81449acbb73296c9e8
- SSDEEP
  
  384:1Td3hw/L3kKLnYgIOGOOssnPV5Lnf6onYPLr7EbH:1zw/bkKLt7KnddnfPC7S
Score

3^/10
behavioral10
- Target
  
  jre/bin/client/jvm.dll
- Size
  
  3.7MB
- MD5
  
  39c302fe0781e5af6d007e55f509606a
- SHA1
  
  23690a52e8c6578de6a7980bb78aae69d0f31780
- SHA256
  
  b1fbdbb1e4c692b34d3b9f28f8188fc6105b05d311c266d59aa5e5ec531966bc
- SHA512
  
  67f91a75e16c02ca245233b820df985bd8290a2a50480dff4b2fd2695e3cf0b4534eb1bf0d357d0b14f15ce8bd13c82d2748b5edd9cc38dc9e713f5dc383ed77
- SSDEEP
  
  98304:GyXul1SNceWfkD000V3wnIACM7g6cv/GZ:Q1SgfEP0ZwnIA97dcv/GZ
Score

3^/10
behavioral11
- Target
  
  jre/bin/dcpr.dll
- Size
  
  139KB
- MD5
  
  4bdc32ef5da731393acc1b8c052f1989
- SHA1
  
  a677c04ecd13f074de68cc41f13948d3b86b6c19
- SHA256
  
  a3b35cc8c2e6d22b5832af74aaf4d1bb35069edd73073dffec2595230ca81772
- SHA512
  
  e71ea78d45e6c6bd08b2c5cd31f003f911fd4c82316363d26945d17977c2939f65e3b9748447006f95c3c6653ce30d2cda67322d246d43c9eb892a8e83deb31a
- SSDEEP
  
  3072:aoGzTjLkRPQ9U9NuLqcNicj5ojGylYCE2Iu2jGLF5A9bE8LUekfCz:LGz/oRPGLJN1IGgYCE2L1F5A9bEGUeR
Score

1^/10
behavioral12
- Target
  
  jre/bin/decora_sse.dll
- Size
  
  62KB
- MD5
  
  b04abe76c4147de1d726962f86473cf2
- SHA1
  
  3104bada746678b0a88e5e4a77904d78a71d1ab8
- SHA256
  
  07ff22e96dcfd89226e5b85cc07c34318dd32cda23b7ea0474e09338654bfeb3
- SHA512
  
  2e4e2feb63b6d7388770d8132a880422abf6a01941bff12cad74db4a641bda2dcc8bf58f6dae90e41cc250b79e7956ddf126943e0f6200272f3376a9a19505f1
- SSDEEP
  
  1536:Skh2CQuUlng7qkKi5iO8pm8cN9qOU33oit:Skkhu0nTli5jN8cNAOUHnt
Score

3^/10
behavioral13
- Target
  
  jre/bin/deploy.dll
- Size
  
  442KB
- MD5
  
  5edaeffc60b5f1147068e4a296f6d7fb
- SHA1
  
  7d36698c62386449a5fa2607886f4adf7fb3deef
- SHA256
  
  87847204933551f69f1cba7a73b63a252d12ef106c22ed9c561ef188dffcbae8
- SHA512
  
  a691ef121d3ac17569e27bb6de4688d3506895b1a1a8740e1f16e80eefce70ba18b9c1efd6fd6794fafc59ba2caf137b4007fcdc65ddb8bcbfcf42c97b13535b
- SSDEEP
  
  6144:3J/sbugq7rm5zX2JDYfiA9+wvpsEWcIGnFm8iTFOBITfnvxIW1x8:3JUbzq+5zX25qvdfnFm88nvq+x8
Score

3^/10
behavioral14
- Target
  
  jre/bin/dt_shmem.dll
- Size
  
  24KB
- MD5
  
  72b7054811a72d9d48c95845f93fcd2c
- SHA1
  
  d25f68566e11b91c2a0989bcc64c6ef17395d775
- SHA256
  
  d4b63243d1787809020ba6e91564d17ffea4762af99201e241f4ecd20108d2e8
- SHA512
  
  c6a16daaf856939615dfde8e9dbe9d5bfc415507011e85e44c6bf88b17b705c35cd7ced8eda8f358745063f41096938d128dee17e14fe93252e5b046bdfcddc0
- SSDEEP
  
  384:0mgNWEfK0RiC4qxJL8VI6ZEPG5Vv/11nYPLr7N:H6WmK0RiSxJ4VI6W+zbC7N
Score

3^/10
behavioral15
- Target
  
  jre/bin/dt_socket.dll
- Size
  
  21KB
- MD5
  
  73603bf0dc85caa2f4c4a38b9806ec82
- SHA1
  
  74ebc4f158936842840973f54af50cdf46bc9096
- SHA256
  
  39ef85ab21f653993c8aaab2a487e8909d6401a21f27cba09283b46556fb16af
- SHA512
  
  5c238d677d458d5b7d43fa3ff424e13b62abfcede66d55e3112dc09bf2f7b640eb8f82d00e41a2c7a7e7b36e3fce3c2dcb060037314418d329466cc462d0bf71
- SSDEEP
  
  384:QwiAYZIxsQbbRLEs5Ltd7rpPVJfq0nYPLr7Ko+:BiPZj+bVEmtd7rpdJfnC7J+
Score

1^/10
behavioral16
- Target
  
  jre/bin/dtplugin/deployJava1.dll
- Size
  
  808KB
- MD5
  
  e741028613b1fc49ec5a899be6e3fc34
- SHA1
  
  9eae3d3ca22e92a925395a660b55cecb2eb62d54
- SHA256
  
  9163a546696e581d443b3a6250f61e5368be984c69adfb54ee2b0e51d0fa008e
- SHA512
  
  05c6ce707f4f0f415e74d32f1aacec7e2c7746c3d04c75502eaecafaf9e0108ce6206a8a3939c92edce449ffc0a68fb4389edaa93d61920d1ec85327d1b3a55a
- SSDEEP
  
  24576:E0NweWDjb28WNjE/lBy/pUbS3lYMpQIRrAOh3:7Wb5By/pUbouAQIRHh3
Score

1^/10
behavioral17
- Target
  
  jre/bin/dtplugin/npdeployJava1.dll
- Size
  
  886KB
- MD5
  
  4fd3548990caf9771b688532def5de48
- SHA1
  
  567c27a4ea16775085d8e87a38fe58bec4463f7d
- SHA256
  
  bde5df7bcfc35270b57a8982949bf5f25592a2e560a04e9868b84bef83a0ea4b
- SHA512
  
  fd2cf2072a786293e30cd495ba06f4734f0cea63cbc49b6d7a24f6891612375e48d1b5758d9408625e769e8a81c7c34f04278e011bcf47edeb8c2afc13aec20c
- SSDEEP
  
  24576:ZyWOeRjqm9ZRI+Ga+fme7CV93+x6FQ3ge:VRAeMme7kA6F6ge
Score

3^/10
behavioral18
- Target
  
  jre/bin/eula.dll
- Size
  
  106KB
- MD5
  
  a5455b9beb5672d89b1f0fcfaa4c79ca
- SHA1
  
  9c7dbb5ad1cb3ebe7347a9cddd80389902da81ec
- SHA256
  
  89a429889dcd0f6a3fe56217a0feb5912132aab2817643021eae3716da533d4a
- SHA512
  
  131866a4754f4af78a94f0776815e7ea4375736a4b11a723b87a4436fa101d271ffe14e4b49d3ab1ae2fa61cdbded0c3d174c75327be3c24e0e4cc39affa9469
- SSDEEP
  
  1536:LE9WcstxlDgZ9EYDKg0nc6N3MR+EpOB+o+5PVT/B:ghspgZPDanhs+EpOBF+5PFB
Score

1^/10
behavioral19
- Target
  
  jre/bin/fontmanager.dll
- Size
  
  218KB
- MD5
  
  9d5edecf7e33ddd0e2a6a0d34fc12ca1
- SHA1
  
  fc228a80ff85d78aa5bfba2515efed3257b9b009
- SHA256
  
  6d817519c2e2efdd3986eb655c1f687d4774730ab20768df1c0aaef03b110965
- SHA512
  
  b4d58d3415d0255dcd87ef413762bc0f2934aaa6c8151344266949d3dd549abdca1366fa751a988cddc1430ebf5d17668adf02096dd4d5eafe75604c0da0b4c9
- SSDEEP
  
  6144:8P8OC0xbNXLJAEh4hijzud6kAgZkFGMReiDfbgOBI1:8P8OC0xbNXLJAEh4hijzud6kAgYGSA
Score

1^/10
behavioral20
- Target
  
  jre/bin/fxplugins.dll
- Size
  
  147KB
- MD5
  
  7a710f90a74981c2f060fa361d094822
- SHA1
  
  fbdca4e3f19ad5201572974e3c772a3c2694fbb3
- SHA256
  
  9bc52058c02e0c87a6a9470c62d1aa4f998942cc00f99a82e7805e87d958bc16
- SHA512
  
  928708dff6a372ba997c072238823469cbfd28ccbb17a723ad35f851d35c6eff82748aa41a9215955b9536a14aa57d47abe0f1ba00d11f8d920a57f91b7a35e5
- SSDEEP
  
  3072:PPuiQNBInyjJ2y53/5d8n9e/ry7zOAHpyWWJd1u2TeKSNlGFGZQfVN2:iBInu2y5P5dkeDy7zOUpLJ2mHZQf2
Score

3^/10
behavioral21
- Target
  
  jre/bin/glass.dll
- Size
  
  196KB
- MD5
  
  434cbb561d7f326bbeffa2271ecc1446
- SHA1
  
  3d9639f6da2bc8ac5a536c150474b659d0177207
- SHA256
  
  1edd9022c10c27bbba2ad843310458edaead37a9767c6fc8fddaaf1adfcbc143
- SHA512
  
  9e37b985ecf0b2fef262f183c1cd26d437c8c7be97aa4ec4cd8c75c044336cc69a56a4614ea6d33dc252fe0da8e1bbadc193ff61b87be5dce6610525f321b6dc
- SSDEEP
  
  3072:lC0MaRHVsSduCCkNlKpR1FHNnuNcCwJPT54l2B3Fzkmldrz5ZD9hYJOj9T3iRK:s0XR1sYtxgGl2B3uWjhYJOj9TSY
Score

1^/10
behavioral22
- Target
  
  jre/bin/glib-lite.dll
- Size
  
  391KB
- MD5
  
  767bba46789597b120d01e48a685811e
- SHA1
  
  d2052953dde6002d590d0d89c2a052195364410a
- SHA256
  
  218d349986e2a0cd4a76f665434f455a8d452f1b27eaf9d01a120cb35da13694
- SHA512
  
  86f7f7e87514dbc62c284083d66d5f250a24fc5cd7540af573c3fb9d47b802be5ffbbc709b638f8e066ab6e4bb396320f6e65a8016415366799c74772398b530
- SSDEEP
  
  6144:vxDvEpBGH7t7PB7Es7va/QdqOBYswIprNWhk+URpxfu4w7J:tvEpBGH7pN57vwQd6swIp5WhkRlfu4CJ
Score

3^/10
behavioral23
- Target
  
  jre/bin/gstreamer-lite.dll
- Size
  
  502KB
- MD5
  
  8d0ce7151635322f1fe71a8cea22a7d6
- SHA1
  
  81e526d3bd968a57af430abb5f55a5c55166e579
- SHA256
  
  43c2ac74004f307117d80ee44d6d94db2205c802ae6f57764810dee17cfc914d
- SHA512
  
  3c78c0249b06a798106feaf796aa61d3a849f379bd438bf0bb7bfed0dc9b7e7ea7de689bc3874ed8b97ff2b3ba40265ded251896e03643b696efdbf2e01ac88c
- SSDEEP
  
  12288:Y5JbfdT5NYGe8m51QSWvopH1kdMDbA2ZoNnYX:Y5JV7eB3KopvnAe2YX
Score

3^/10
behavioral24
- Target
  
  jre/bin/hprof.dll
- Size
  
  129KB
- MD5
  
  6376b76728e4a873b2bb7233cbcd5659
- SHA1
  
  3be08074527d5b5bc4a1ddcec41375e3b3a8a615
- SHA256
  
  4fdf86d78abc66b44b8aff4bbce1f2a5d6d9900767be3caae450409924dbc5ad
- SHA512
  
  955e7c5ab735183b491a753710b6f598a142a2876ddae5ad301c3da82a65ce82238e0f20c9f558f80138d58f8dc00b4ebd21483ceed0aabeeda32cca5d2e3d48
- SSDEEP
  
  3072:HGBc2vf2AWlvx+Kre9vVv3CoLORljxWEXyB/NK3GyNf9:mxvffVvyo0X8NKW+1
Score

3^/10
behavioral25
- Target
  
  jre/bin/instrument.dll
- Size
  
  113KB
- MD5
  
  ab6ed0cfd0c52dbede1be910efa8a89b
- SHA1
  
  83cbc2746a50c155261407ece3d7a5c58aad0437
- SHA256
  
  8a6fbb08e0f418a3bb80cc65233e7270c820741dd57525ed7fd3cc479a49396e
- SHA512
  
  41773183fc20e42bf208064163aa55658692b9221560146e4f6a676f96fc76541ed82f1efdfa31f8c25ba42f271f7d9087de681da937bbf0eb2c781e027f1218
- SSDEEP
  
  1536:0LHPDcdivqC4xMfl/hAxfZ/t0QHQIM7iVxoQCpGlyir0wIOfnToIfemrVZQirM:0rPDco4xMNEfZ1LQG4igmvTBfem7QcM
Score

3^/10
behavioral26
- Target
  
  jre/bin/j2pcsc.dll
- Size
  
  16KB
- MD5
  
  1f004c428e01f8beb07b52eb9659a661
- SHA1
  
  4d6aab306cb1f4925890bf69fcdf32bbfe942b81
- SHA256
  
  1bdefecdf8cfa3f6da606ad4d8bd98ec81e4a244d459a141723ccb9dc47e57cb
- SHA512
  
  61888a778394950d2840e4d211196ffe1cb18fa45d092cbadbedf2809bded3d4421330cfe95392dd098e4ae3f6f8a3070e273ffca2fb495c43c76332ca331dbf
- SSDEEP
  
  384:WCMJqfiSZzDonPV5TyVIbb8nYPLr7VblXT:WLJqrNkndQIsC7Vhj
Score

1^/10
behavioral27
- Target
  
  jre/bin/j2pkcs11.dll
- Size
  
  50KB
- MD5
  
  3a744b78c57cfadc772c6de406b6b31e
- SHA1
  
  a89bf280453c0bcf8c987b351c168aeb3d7f7141
- SHA256
  
  629393079539b1b9849704ce4757714d1cbe5c80e82c6bb3bc4445f4854efa7b
- SHA512
  
  506a147f33c09fa7338e0560f850e42139d0875ef48c297ddb3cc3a29f12822011915faccb21da908cf51a462f0eba56b6b37c71d9c0f842bde4a697fb4ffb64
- SSDEEP
  
  1536:urOHh9t7/GAzqHcGxAARrZT9ixHDyo/r0rV9LrBH1bjPEwhEdheBwHWQFgE/XudL:G+9t7/qHcGHuy/pb
Score

1^/10
behavioral28
- Target
  
  jre/bin/jaas_nt.dll
- Size
  
  19KB
- MD5
  
  503275e515e3f2770a62d11e386eadbf
- SHA1
  
  c7be65796aa0e490779f202c67eec5e9fbb65113
- SHA256
  
  97b5d1c8e7aaace5c86a418cb7418d3b0ba4f5e178de3cf1031029f7f36832af
- SHA512
  
  ac7c0cb626c2d821f0f4e392ee4e02c9e0093f019aa5b2947e0c7b3290a0098a3d9bb803ab44fd304ca1f1d272cfb7b775e3c75c72c7523ff7240f38440cfc3c
- SSDEEP
  
  384:45kF/QP8xkI6hgWIE0PVlyJSZ9nYPLr7+:4SqP7I6rkd4EfC7+
Score

3^/10
behavioral29
- Target
  
  jre/bin/jabswitch.exe
- Size
  
  30KB
- MD5
  
  530d5597e565654d378f3c87654ccaba
- SHA1
  
  6fac0866ee0e68149ac0a0d39097cef8f93a5d9e
- SHA256
  
  0cfaa99ae669ddc00bd59b5857f725dff5d4c09834e143ab1b5c5f0b5801d13b
- SHA512
  
  d7520a28c3054160fcd62c9d816a27266be9333e00794434fb4529f0ff49a2b08e033b5e67a823e5c184ee2d19d7f615ff9ee643fe71c84011a7e5c03251f3b4
- SSDEEP
  
  768:+HhfWinfwUFAvnb5TIUX+naSOu9MQQ5jhC7EY:cuin5FAvNTIUX+nbMQQ54EY
Score

1^/10
behavioral30
- Target
  
  jre/bin/java-rmi.exe
- Size
  
  15KB
- MD5
  
  cf2f023d2b5f0bfb2ecf8aeea7c51481
- SHA1
  
  6eb867b1ac656a0fc363dfae4e2d582606d100fb
- SHA256
  
  355366d0c7d7406e2319c90df2080c0fae72d9d54e4563c48a09f55ca68d6b0c
- SHA512
  
  a2041925039238235adc5fe8a9b818dff577c6ea3c55a0de08da3dedd8cd50dc240432ba1a0aea5e8830dcdccd3bfbf9cf8a4f21e9b56dc839e074e156fc008d
- SSDEEP
  
  384:GpsbHnDiW6gejmSHhV8cGees7snYPLr7Wj53:GpsbHn/HS/8cresgC743
Score

1^/10
behavioral31
- Target
  
  jre/bin/java.dll
- Size
  
  123KB
- MD5
  
  73bd0b62b158c5a8d0ce92064600620d
- SHA1
  
  63c74250c17f75fe6356b649c484ad5936c3e871
- SHA256
  
  e7b870deb08bc864fa7fd4dec67cef15896fe802fafb3009e1b7724625d7da30
- SHA512
  
  eba1cf977365446b35740471882c5209773a313de653404a8d603245417d32a4e9f23e3b6cd85721143d2f9a0e46ed330c3d8ba8c24aee390d137f9b5cd68d8f
- SSDEEP
  
  3072:Kw2b3Kr+uWU9XzFhziJ1TBZAhsIn/B9NZwMgjeNXLD:43KFFheLCBpV/
Score

1^/10
behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Detect ZGRat V1

RedLine payload

ZGRat

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Modifies system executable filetype association

Reads user/profile data of web browsers

Registers COM server for autorun

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Checks installed software on the system

Checks system information in the registry

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32