redline | 2b8795c54cc826e2f7c62a5c15088a1d9aa9ff31373abf710caacf4d0a5f1b81 | Triage

Submit
Reports

Overview

overview

Static

static

file.exe

windows7-x64

file.exe

windows10-2004-x64

Sharing

General

Target

file.exe
Size

3.8MB
Sample

240425-qwsxhsbc74
MD5

acfc823a15fbc0247f1974b9a7dc7cf8
SHA1

3289cb74a353915117e7b1649acbff7449068018
SHA256

2b8795c54cc826e2f7c62a5c15088a1d9aa9ff31373abf710caacf4d0a5f1b81
SHA512

1429b568485669dd1376cf2082efa4dff7ac2042fab6ddc31889cb92087dfd4609399395935e47910f4c982f85e1e5b3dc6061e97258c5078a8791aa2d5b3568
SSDEEP

49152:2sr3b8LJA1/x5CQIcSlU9Jn03eHk5SyiZfOp7fgqjIr7vFKNrFeE:9fGJeHI2Jn0OHk5SbOpKwOE

Score

10^/10

redline zgrat infostealer rat spyware

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

file.exe

Resource

win7-20240221-en

redline zgrat infostealer rat spyware

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

file.exe

Resource

win10v2004-20240412-en

redline zgrat infostealer rat spyware

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  file.exe
- Size
  
  3.8MB
- MD5
  
  acfc823a15fbc0247f1974b9a7dc7cf8
- SHA1
  
  3289cb74a353915117e7b1649acbff7449068018
- SHA256
  
  2b8795c54cc826e2f7c62a5c15088a1d9aa9ff31373abf710caacf4d0a5f1b81
- SHA512
  
  1429b568485669dd1376cf2082efa4dff7ac2042fab6ddc31889cb92087dfd4609399395935e47910f4c982f85e1e5b3dc6061e97258c5078a8791aa2d5b3568
- SSDEEP
  
  49152:2sr3b8LJA1/x5CQIcSlU9Jn03eHk5SyiZfOp7fgqjIr7vFKNrFeE:9fGJeHI2Jn0OHk5SbOpKwOE
Score

10^/10

redline zgrat infostealer rat spyware
- Detect ZGRat V1
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinezgratinfostealerratspyware

behavioral2

redlinezgratinfostealerratspyware

© 2018-2024

Terms | Privacy