redline | 1fad6fe833e520abed8b1937ed2598091545cd8b388188ba3e702c1da0401813 | Triage

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22/04/2024, 04:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

MOD.exe
Size

435KB
MD5

39f127b2722cfd35f5102cad5c3528ba
SHA1

5f27952052884953907e6a3b806f5b7f055261dd
SHA256

1fad6fe833e520abed8b1937ed2598091545cd8b388188ba3e702c1da0401813
SHA512

39fd2e250078cae9be975b9074b3f8eaff331e9682f73aacbf0950d4a7bb55a0c984c1d9d03710e3852b2a0a0c917a769f30871f9fc89df53d95d4c76b834ad6
SSDEEP

12288:/r7219cp5VgRdztHiyX9Aa7Cv3FM4pIdW3pArpX:+gpPiDX9yVCdN1X

Score

10^/10

redline zgrat infostealer rat

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
behavioral1/memory/1556-0-0x00000000013B0000-0x000000000141E000-memory.dmp	family_zgrat_v1

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 1 IoCs

resource	yara_rule
behavioral1/memory/1556-0-0x00000000013B0000-0x000000000141E000-memory.dmp	family_redline

ZGRat
ZGRat is remote access trojan written in C#.
rat zgrat

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1508	1556	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1556 wrote to memory of 1508	1556	MOD.exe	28
PID 1556 wrote to memory of 1508	1556	MOD.exe	28
PID 1556 wrote to memory of 1508	1556	MOD.exe	28
PID 1556 wrote to memory of 1508	1556	MOD.exe	28

C:\Users\Admin\AppData\Local\Temp\MOD.exe
"C:\Users\Admin\AppData\Local\Temp\MOD.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1556
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 120
  2⤵
  - Program crash
  PID:1508

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1556-0-0x00000000013B0000-0x000000000141E000-memory.dmp

Filesize
440KB

Download