redline

Sharing

Copy URL

Twitter E-mail

General

Target

Software_1.30.1.rar
Size

11.1MB
Sample

240426-l7wekaeb2v
MD5

b01a45f46effe0887fd0dff6646894e0
SHA1

fa0d2e746c981822fd8c4d7811b1e9d9ad3b64f0
SHA256

739d8e382768ca1c159c50425bc7773bc2e7e3d91705fc41d3b32035b2811daa
SHA512

9f469c1836645c48e56463811d8461e4de228a7273661c863148ff619f46a16ec7b2408301ddbde6da9765b7b3a4cf4893ff01fa23da6fb29b7596d0765e0ce4
SSDEEP

196608:hfxMUYzzZA9Ron9nEqNHuvwcf4KFSJTCiHD3iXEifbaRfnqhU2koVS3Qj7CmH:fMUmAI9nEqNOvwcf47JTJHLi0idhQK9

Score

10^/10

Malware Config

Targets

- Target
  
  Software_1.30.1.rar
- Size
  
  11.1MB
- MD5
  
  b01a45f46effe0887fd0dff6646894e0
- SHA1
  
  fa0d2e746c981822fd8c4d7811b1e9d9ad3b64f0
- SHA256
  
  739d8e382768ca1c159c50425bc7773bc2e7e3d91705fc41d3b32035b2811daa
- SHA512
  
  9f469c1836645c48e56463811d8461e4de228a7273661c863148ff619f46a16ec7b2408301ddbde6da9765b7b3a4cf4893ff01fa23da6fb29b7596d0765e0ce4
- SSDEEP
  
  196608:hfxMUYzzZA9Ron9nEqNHuvwcf4KFSJTCiHD3iXEifbaRfnqhU2koVS3Qj7CmH:fMUmAI9nEqNOvwcf47JTJHLi0idhQK9
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  Debug/Addition.dll
- Size
  
  30KB
- MD5
  
  f22e849a370cdf127f48beab596bdd81
- SHA1
  
  fb1da47c7a246f2cda7f7686a468efafd9933b1e
- SHA256
  
  8be1f5581437b6f5ba48705e8956c8bc0765bbd1d6053242640c75bd94048aa9
- SHA512
  
  6ded81fe4d4db69586d74fdb425c4fc8c092508e7e0b49eb141a9045abf40626d14659fa6237a3920e58571ca7acf4911cdf03c4307fd89b6dc5e54172afbc14
- SSDEEP
  
  768:Fol18SuOO3bBAughXjNPQsXVjWuu7jqWdTS2gS:er6tAugVjN4sXJYjqWdm2V
Score

1^/10
behavioral3 behavioral4
- Target
  
  Debug/Autoupdater.ini
- Size
  
  5KB
- MD5
  
  f78b8f3d265b4e9a706ed0aae70bdf9c
- SHA1
  
  6d73ad3954fd8fda80911071efca1910fd2d0a3d
- SHA256
  
  dcae62d049c4dd496effab6f02220bc270c6c098ebb55a5a6e55fbafad2974d2
- SHA512
  
  c44887c08d1239969aaf9934921f1a7341b87faded169136fcc0539d62de3104ecec0e3ac7a28eb3135cb449f58310b49f868963b64b920210d1c55104e7e7cb
- SSDEEP
  
  48:K3Px9Vz69T0oXIGXTWGXsP9JEX98TNx9P8k9zZ8G958d8lx9Vz69T0oXIGXTWGXe:FvTlEGvTlUOy
Score

1^/10
behavioral5 behavioral6
- Target
  
  Debug/Cracker.dll
- Size
  
  56KB
- MD5
  
  404aacc737a9d30147d30cee6be0abba
- SHA1
  
  5f49b9197d73b53eb3473c80a6f25dc068421baf
- SHA256
  
  3eec59d6aa2a45e368b99d09bcedf228290656a88de8a09ccc91867ab71f228c
- SHA512
  
  eb3716304571727d3134da4da46c5c91276afa20f5da26f2b89cc0cdc19f98592322b5e85fdc6a36e51636298ffac456a9057ed7d10c17e4955c4307cb933f20
- SSDEEP
  
  384:poaSsZTSyPG0TLMU9mCzkcu/b49Pji7iJI5TZCP56vS1a+dYUFv8WTa:W1yR8U9mCzkcu/8V2iP56v/+G0a
Score

1^/10
behavioral7 behavioral8
- Target
  
  Debug/DebugPPF.tmp
- Size
  
  11KB
- MD5
  
  b1e68fabd5c19aaa21de6351554aae2e
- SHA1
  
  66e7cf5d041a6ed9252ee4f6104ec0abb57d60b8
- SHA256
  
  63909409d9c79950289701c4a58605ea7fcd30703163fce0b4ac81204f0b3cca
- SHA512
  
  6e080f64d583e29a503282022ba587eb88903e2cf2bf943f9f9849fedf7f25dbfdeb02fae2803f03acf18b7a2bb37be1a1834e3b5ef7ef9098cfb0ee80a410dd
- SSDEEP
  
  192:fXBY6p0nsAXXOZfZz2zgJNGayrKy8pJErK7EuKr3eEohK11pS:PcnFneZz2zE/+rK7EuJ6S
Score

3^/10
behavioral10 behavioral9
- Target
  
  Debug/DebugPPT.tmp
- Size
  
  11KB
- MD5
  
  4969578a5fd8d113ab7783812849c1ed
- SHA1
  
  580f84362a74337b2ed25bd58700e9a002e51bc9
- SHA256
  
  9f2b02ba814c2975a7b6ed5aa03345046a9c9d3036481a8a109b132a951e82a0
- SHA512
  
  49dc150be750ff0a5b03fbe384debcc136d6dad513fa1c6284469de8e8aed1b865b2bd8271937030818094bcc5358dde6e146e3c784dd88fa9681a84c7a557ef
- SSDEEP
  
  192:W7F8knwe/KZztz2XFuUpcWOEai+S7UeAJo9pDWhuDyG/WE8cHtENQmfsB:WNn1y1p2XMUpcWb+qUerShuDl+8HerfQ
Score

3^/10
behavioral11 behavioral12
- Target
  
  Debug/Helper.dll
- Size
  
  189B
- MD5
  
  9bb9aba5dd893bbccfa45e2d75d55d26
- SHA1
  
  5714796513341ac3159a6a3c23d4769209063d35
- SHA256
  
  6b325cadd8992d998c4fbc8ed56079c2850b68ea2d38432d51c26ce82b0a5419
- SHA512
  
  f57df9a4a02bd17772acb3ac1a0d961c53f6940600b58834ae38c198a98ae651a21b382450b267aeffbca4ab262668ae471a78ed99bf9dfa414c1316056a289b
Score

1^/10
behavioral13 behavioral14
- Target
  
  Debug/Management.log
- Size
  
  8KB
- MD5
  
  ff765d6581fe6568aaae19de239b2e7a
- SHA1
  
  78b09b0ce2e59ce87f65251ea903842c1c77046a
- SHA256
  
  4dd051de9b04902fc59d411b1c27c42007cacca4ea52e88d71c897cad1d990cc
- SHA512
  
  8fa7c766fc1ac48408d964eb9844f9c4a2fb3e33357e736230024788ec71cb3c338397e16f8e556bbcaafd83c58f3af6a55ceaa9daff290b0e687093e5c97a2e
- SSDEEP
  
  192:+jfkNaok8wITITp8dNOgNH34lxeDKOgWNh0ctcoAd8dq5XrOGB3Wr:UkNaz8wWWp8dMA34lbLsq5Xqq3a
Score

1^/10
behavioral15 behavioral16
- Target
  
  Debug/Resource.dll
- Size
  
  10.7MB
- MD5
  
  641dadbb3f03938da99bf7c6c4cc482f
- SHA1
  
  b21bdb69a17642ade8e62fcbd779ff1bc89ea809
- SHA256
  
  883aefb081a1f9ef974ceb16e12c215e92fee13531c052279404bd11b2f8e479
- SHA512
  
  7aea5f0db9b261a17801124d6eef0df2d3ada4a6f624c8f4f2ee519a61171a3f06de9032493e3309a1a982fd1218613dde73a942942df2a8ec367e7f66a531f5
- SSDEEP
  
  196608:8B4DNtjVoWhIdAXplnpnh4uIKZ2K245peMKU3lRM9RVIO+QvSNG2uM+XGE4:04vWGIun1GKZ/2aZKU3lRvO+QvQgGP
Score

1^/10
behavioral17 behavioral18
- Target
  
  Debug/main.ini
- Size
  
  4KB
- MD5
  
  d2e799c6b2467a0a4aeb0cba508e8a30
- SHA1
  
  349e50e830cca26b03a0e32bac1f9045a72eb406
- SHA256
  
  d3d79eda930253d1ad388f60a56775f7d6bff80ce5a4e07c812d7d338fc93593
- SHA512
  
  f1d14875a6379b450eb5dc2513a1791ec65a6fb237db94a74621c70ca5d579428b7cded35ce3bece884faaabca4f0705de73fb5cc8b2d60be995b2be66cb20c2
- SSDEEP
  
  96:38acVNxLPdLB3fhvKSEnQRkB6Ip1ImmoM:38xxzd93fASEnNIy1ImmoM
Score

1^/10
behavioral19 behavioral20
- Target
  
  Language.pimx
- Size
  
  22KB
- MD5
  
  01fbf905f95578b7c2eb370d5bd867b6
- SHA1
  
  6688f78f5afba9bbabca1a398371c063f67447c2
- SHA256
  
  a17506a018994501e0cf6847ceee97f7cd9ffcffc48b256d180175256ff5c0f7
- SHA512
  
  321c7c325dd886f7a154e7aed21b5e8789cd3ec28a0dd87ade8702524857fb2ff271fca16833f2d393ce9ca45cb6b0b87470357ace1bf49d65e7e0efdf423aa5
- SSDEEP
  
  384:ntMbm75pVUbnVhU9PFfRYzF66ZfxjUyy9FeQ3Np:ntMIInrU9PBRR6ZfxOX
Score

3^/10
behavioral21 behavioral22
- Target
  
  Main.ini
- Size
  
  24KB
- MD5
  
  5bf4353d089309e57865ba86d4199004
- SHA1
  
  e2871968fc1aa99c821209f817a94b05b7b7a7f3
- SHA256
  
  96088d93be0c39001e87b5647bc8ffdef684a90fa02f0f91d430248f7c3415e2
- SHA512
  
  c8489b85c75cacc54535538736d75ab2a2fd60d29b764906fe7acbc26d9887515f5c316b9e2543b9511ffc348fcd88f5e01e4f1baaf9c5ecfb8a95061e12c4ed
- SSDEEP
  
  384:az91NaxrAlW10wt+CJgSz8/YK3uOvxtNhymeIbi2OrFc:az91NaxOCJgkRK3zvxtNN
Score

1^/10
behavioral23 behavioral24
- Target
  
  Packaged/Main.ini
- Size
  
  1KB
- MD5
  
  7b53ebd64e5781e02eaefb6739a6b556
- SHA1
  
  d5332b200cf5dcea0419afdb66a15d89b9eb619f
- SHA256
  
  b975c9251ef7394dcc69f49e54dc5aa5e8df32f9b5e8c687484ddd840eb94d20
- SHA512
  
  c4a25c07e19760547e91818ba6e9ec3fe89206c29429668731c7563b7407cb56d8c0adca519bf96dc82a1631e82cfe63b68439cad4102ea2a1df438bac8400fd
Score

1^/10
behavioral25 behavioral26
- Target
  
  Packaged/Resource.dll
- Size
  
  189B
- MD5
  
  4427aeee68321d0f4d7befa74e669f83
- SHA1
  
  4670003762a1c217c9e8ea48fcc53f2871a7c341
- SHA256
  
  a9661f89b8d957f4e71cbe1ba0342a39e5b50a1d80d974e2e1b349a273967f1b
- SHA512
  
  9d9156aa8fdebf19363fed2edb82235642c8c20549369470e44fdc0db41324e2160968fd7dd43eecce1ce3da9c03dd05cdefc8d903a9d0394f5ca9a73f5c5fa3
Score

1^/10
behavioral27 behavioral28
- Target
  
  Packaged/Utils.dll
- Size
  
  1KB
- MD5
  
  73e051427246dd4ca45935b1a4bd7e2d
- SHA1
  
  7216f05041252f1c3a9d84aacdf84ef62f1a1045
- SHA256
  
  b7b8b412ab1e4f32da8a7cd42aeaa6e7d8d340cf14977d3e87f7d8f5eb689b0f
- SHA512
  
  3fc10dea91962244389214d189c141466f5630e99b01af5761738ce884df14050cd08a43802dc45bbe9117290c34143b85a75694b6301954b51972180dca1e36
Score

1^/10
behavioral29 behavioral30
- Target
  
  Software_1.30.1.exe
- Size
  
  459KB
- MD5
  
  1502131d8e2862b1c4c8c32460d5a471
- SHA1
  
  661c7dbfffa6c8a03df60e6f9daf1dcfaf9b1591
- SHA256
  
  f5c5b3ecadf87600083fa78130c7c046405e542c878a86a144626286dd857349
- SHA512
  
  87088e55f5a0fb586771ca0bded9649e790393646036579ebf29ed051af706f24516c261a9a4365d84c675aa8f75b277ccf58eda9a86bd67eb2f1c9edfdb5f4b
- SSDEEP
  
  12288:P4J4ZH65jJnZ0iQaNJI0pqIRWqsfedoM/Sk2+JEXRa:w4ZGnhDVqXqsWaM/dbGB
Score

10^/10

redline zgrat infostealer rat
- Detect ZGRat V1
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Suspicious use of SetThreadContext
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Detect ZGRat V1

RedLine payload

ZGRat

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32