redline | 327ceae282c6c3f4f34e62d97dc2e58486f872c5dc319a33a67e2826e64b4fa3 | Triage

Submit
Reports

Overview

overview

Static

static

1

LaucnhBHF.exe

windows7-x64

LaucnhBHF.exe

windows10-2004-x64

Launcher.dll

windows7-x64

1

Launcher.dll

windows10-2004-x64

1

Sharing

General

Target

BLACKSOFT.rar
Size

5.0MB
Sample

240426-2tknxadg65
MD5

7483e1999f29e9c7ece0dd99395c997c
SHA1

a2586dfece078d2c26b8193b270ba9c537dbe9c0
SHA256

327ceae282c6c3f4f34e62d97dc2e58486f872c5dc319a33a67e2826e64b4fa3
SHA512

b4fa03b3766601567604f24de1061241aac812d60a713eebcadc4450f02b28f47954aea8416e7cf6d54be0125ca58271b0d27be99900d641e9f567cd80a63c82
SSDEEP

98304:6tlOZm+HrK63UaQwzZKLWKBmwVTH3x+eKtiCmYnxOt/t6ntnEcuk:ylO8+LKUrxziWKBmwdXxEiYnxO1t6nt7

Score

10^/10

redline zgrat infostealer rat

Static task

static1

Behavioral task

behavioral1

Sample

LaucnhBHF.exe

Resource

win7-20240419-en

redline zgrat infostealer rat

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

LaucnhBHF.exe

Resource

win10v2004-20240419-en

redline zgrat infostealer rat

windows10-2004-x64

18 signatures

150 seconds

Behavioral task

behavioral3

Sample

Launcher.dll

Resource

win7-20240221-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral4

Sample

Launcher.dll

Resource

win10v2004-20240426-en

windows10-2004-x64

0 signatures

150 seconds

Malware Config

Targets

- Target
  
  LaucnhBHF.exe
- Size
  
  800.0MB
- MD5
  
  fa1874358e96ad36cfd415a2cae786e8
- SHA1
  
  420f6ef50307324e6467cc1f729ad44d23c1c8cb
- SHA256
  
  042c6ef46e184e5eebc0ba198abb6c4e7ef7c6e2840d3ccf8c2608fac57a84a4
- SHA512
  
  a614ddbfe4e468fca681e628b960c397c7788f863745959b0c615eb8e1c32134ba683ef292701a0860e3c31cf4b8eb49a075e291a89ca7a2d7ba5db187bd6351
- SSDEEP
  
  24576:MNZQnEK4hZpx3mUDxBOIUin2RlZeXTQfEZwYbS9DE7:8cEK+px3hDxBOISBfEZvkO
Score

10^/10

redline zgrat infostealer rat
- Detect ZGRat V1
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  Launcher.dll
- Size
  
  7.5MB
- MD5
  
  cbb81f28c5a509e4f7e3e44bc7da74f8
- SHA1
  
  47145f07bc7d0083d3bd13a9da44bac740952029
- SHA256
  
  413bf9c2cff6fe7b97eae199683df7f6d648fad4c25cb6d0b7dce335eb69edba
- SHA512
  
  bc863ebb2f5fd66f342be8befb49889dd275adb15cff95ed378e185190091589c8d1d7a8902ca889a7b2af81588c731bfa0a930f074fecadd9b47a082966079c
- SSDEEP
  
  98304:koD5geAsEDKN0xOLy2MsmCkQejop7PGXleggxF:kfD/mexOLy0GoNPGXledT
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Process Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redlinezgratinfostealerrat

behavioral2

redlinezgratinfostealerrat

behavioral3

behavioral4

© 2018-2024

Terms | Privacy