redline | 74c353dee0b64a5fa7c7c89b9e706f38fa8cd409bf921c65214768f6c853af82 | Triage

Submit
Reports

Overview

overview

Static

static

3

Software_1.30.1.exe

windows7-x64

Software_1.30.1.exe

windows10-2004-x64

Sharing

General

Target

Software_1.30.1.exe
Size

1.2MB
Sample

240424-yn5v4sgd9z
MD5

61e98ce71429460473bcd27b5b637518
SHA1

9790d864dfdb22c13b03b5af3088708e264dd441
SHA256

74c353dee0b64a5fa7c7c89b9e706f38fa8cd409bf921c65214768f6c853af82
SHA512

8643672acfd5632c6767e2ff1ef3099e04e1af69c7acab0f23629cb518a4f8157114728895eda6a724a2dd59202ff6f4092001d96147711da3318a07ccf92017
SSDEEP

24576:xXKBY297HFV5dbGSH3vSa2IpUIwyZspmb8WChS:x6JFV5dbGSsmwlm7CU

Score

10^/10

redline zgrat discovery infostealer rat spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Software_1.30.1.exe

Resource

win7-20240221-en

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

Software_1.30.1.exe

Resource

win10v2004-20240412-en

redline zgrat discovery infostealer rat spyware stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  Software_1.30.1.exe
- Size
  
  1.2MB
- MD5
  
  61e98ce71429460473bcd27b5b637518
- SHA1
  
  9790d864dfdb22c13b03b5af3088708e264dd441
- SHA256
  
  74c353dee0b64a5fa7c7c89b9e706f38fa8cd409bf921c65214768f6c853af82
- SHA512
  
  8643672acfd5632c6767e2ff1ef3099e04e1af69c7acab0f23629cb518a4f8157114728895eda6a724a2dd59202ff6f4092001d96147711da3318a07ccf92017
- SSDEEP
  
  24576:xXKBY297HFV5dbGSH3vSa2IpUIwyZspmb8WChS:x6JFV5dbGSsmwlm7CU
Score

10^/10

zgrat rat redline discovery infostealer spyware stealer
- Detect ZGRat V1
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

redlinezgratdiscoveryinfostealerratspywarestealer

© 2018-2024

Terms | Privacy