redline | af60eec4fcc826168f9bb7f849bc24b9c67bc9367126c20b8a80d6b0e1c416c1 | Triage

Submit
Reports

Overview

overview

Static

static

af60eec4fc...c1.exe

windows7-x64

7

af60eec4fc...c1.exe

windows10-2004-x64

Sharing

General

Target

af60eec4fcc826168f9bb7f849bc24b9c67bc9367126c20b8a80d6b0e1c416c1.exe
Size

3.9MB
Sample

240423-b4eyasbc4x
MD5

3c244fae9cb5bb37d4410f4c9d6fe90a
SHA1

3e03a9e42b537b793770c4205db7f4bac7ec6561
SHA256

af60eec4fcc826168f9bb7f849bc24b9c67bc9367126c20b8a80d6b0e1c416c1
SHA512

9408a67b96ac32f8c767b5a8febe6c89a1c75ee8666de237e806ac4f61a0895bc468be70d4f19b4da26823226052cbb7d9e0a654311772db630d0afe4bd26de7
SSDEEP

49152:MIF8M31NQDgRmeebiQ07intlAEE3sQIcvw4AAVbmVeXQE4aZ+G9/FBiyu7vBHvpT:5lPY/HrAEE3sxfpAV/XQExHULR9RL4Qx

Score

10^/10

redline zgrat infostealer rat spyware

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

af60eec4fcc826168f9bb7f849bc24b9c67bc9367126c20b8a80d6b0e1c416c1.exe

Resource

win7-20240221-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

af60eec4fcc826168f9bb7f849bc24b9c67bc9367126c20b8a80d6b0e1c416c1.exe

Resource

win10v2004-20240226-en

redline zgrat infostealer rat spyware

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  af60eec4fcc826168f9bb7f849bc24b9c67bc9367126c20b8a80d6b0e1c416c1.exe
- Size
  
  3.9MB
- MD5
  
  3c244fae9cb5bb37d4410f4c9d6fe90a
- SHA1
  
  3e03a9e42b537b793770c4205db7f4bac7ec6561
- SHA256
  
  af60eec4fcc826168f9bb7f849bc24b9c67bc9367126c20b8a80d6b0e1c416c1
- SHA512
  
  9408a67b96ac32f8c767b5a8febe6c89a1c75ee8666de237e806ac4f61a0895bc468be70d4f19b4da26823226052cbb7d9e0a654311772db630d0afe4bd26de7
- SSDEEP
  
  49152:MIF8M31NQDgRmeebiQ07intlAEE3sQIcvw4AAVbmVeXQE4aZ+G9/FBiyu7vBHvpT:5lPY/HrAEE3sxfpAV/XQExHULR9RL4Qx
Score

10^/10

spyware redline zgrat infostealer rat
- Detect ZGRat V1
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Detects executables packed with Dotfuscator
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

redlinezgratinfostealerratspyware

© 2018-2024

Terms | Privacy