purelogstealer | 5a7757d1d3fb70c2e261e3e3a14a6c79d0451b3bd67b262059ca001f9c48b308 | Triage

Submit
Reports

Overview

overview

Static

static

1

EngineChromium.msi

windows7-x64

EngineChromium.msi

windows10-1703-x64

EngineChromium.msi

windows10-2004-x64

EngineChromium.msi

windows11-21h2-x64

Sharing

General

Target

EngineChromium.msi
Size

34.3MB
Sample

240426-msdrmsef83
MD5

a74cc7b62eaed6394bdc89f8ae24ae45
SHA1

c0bc2eb10ef1e9891a5f1587cf180a67ac3a72a6
SHA256

5a7757d1d3fb70c2e261e3e3a14a6c79d0451b3bd67b262059ca001f9c48b308
SHA512

a8962c92d0ea8e24f3a98e6fd01c3eedf708dcd4ff54724cd7a4e35d673ccae3f21c1094834ae44486ad785f8905dc975fd31093cf9454f34a0eb85b5331ca9f
SSDEEP

786432:CUz141w/2wmggH4vdjpi6TeQHnjAGVRZ4U2XCUydEB6msg:CUZjXmggOdov8nkGVeXCUIEWg

Score

10^/10

purelogstealer redline zgrat newhope2 discovery infostealer persistence rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

EngineChromium.msi

Resource

win7-20240419-en

purelogstealer redline zgrat newhope2 discovery infostealer persistence rat stealer

windows7-x64

20 signatures

300 seconds

Behavioral task

behavioral2

Sample

EngineChromium.msi

Resource

win10-20240404-en

purelogstealer redline zgrat newhope2 discovery infostealer persistence rat stealer

windows10-1703-x64

22 signatures

300 seconds

Behavioral task

behavioral3

Sample

EngineChromium.msi

Resource

win10v2004-20240419-en

purelogstealer redline zgrat newhope2 discovery infostealer persistence rat stealer

windows10-2004-x64

21 signatures

300 seconds

Behavioral task

behavioral4

Sample

EngineChromium.msi

Resource

win11-20240419-en

purelogstealer redline zgrat newhope2 discovery infostealer persistence rat stealer

windows11-21h2-x64

21 signatures

300 seconds

Malware Config

Extracted

Family

redline

Botnet

newhope2

C2

91.92.246.148:3362

Targets

- Target
  
  EngineChromium.msi
- Size
  
  34.3MB
- MD5
  
  a74cc7b62eaed6394bdc89f8ae24ae45
- SHA1
  
  c0bc2eb10ef1e9891a5f1587cf180a67ac3a72a6
- SHA256
  
  5a7757d1d3fb70c2e261e3e3a14a6c79d0451b3bd67b262059ca001f9c48b308
- SHA512
  
  a8962c92d0ea8e24f3a98e6fd01c3eedf708dcd4ff54724cd7a4e35d673ccae3f21c1094834ae44486ad785f8905dc975fd31093cf9454f34a0eb85b5331ca9f
- SSDEEP
  
  786432:CUz141w/2wmggH4vdjpi6TeQHnjAGVRZ4U2XCUydEB6msg:CUZjXmggOdov8nkGVeXCUIEWg
Score

10^/10

purelogstealer redline zgrat newhope2 discovery infostealer persistence rat stealer
- Detect ZGRat V1
- PureLog Stealer
  PureLog Stealer is an infostealer written in C#.
  stealer purelogstealer
- PureLog Stealer payload
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

purelogstealerredlinezgratnewhope2discoveryinfostealerpersistenceratstealer

behavioral2

purelogstealerredlinezgratnewhope2discoveryinfostealerpersistenceratstealer

behavioral3

purelogstealerredlinezgratnewhope2discoveryinfostealerpersistenceratstealer

behavioral4

purelogstealerredlinezgratnewhope2discoveryinfostealerpersistenceratstealer

© 2018-2024

Terms | Privacy