General
- Target: Software.exe
- Size: 435KB
- Sample: 240423-td9n4ahf6s
- MD5: 5046dce59197d3cd684e3947ecb1785d
- SHA1: ededcf8b9ee161151248d924a11a82081dcba793
- SHA256: c6692fb4ffd690a2a9e2c0da9e1c7943b709cda02f9c3078d8a5d219db7e7b16
- SHA512: 47f08cc4d677b19fd6c5585ffacbdc91041ca72fe15b80823b9c09298cd8f7afa83de1f3b78ddde01d195aa93d12ad5ddea48bdcd4b9aef68506642b64c31199
- SSDEEP: 12288:rcY4vfuU9cwF1eID+g4vvTxn3llY5802Wc/pH:CPbUxn3ACdWcH
Static task: static1
Behavioral task: behavioral1
- Sample: Software.exe
- Resource: win7-20240221-en
Malware Config
(no configuration extracted)

Targets
- Target: Software.exe
- Size: 435KB
- MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General above
- Detect ZGRat V1
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext