General
-
Target
Escalibur.exe
-
Size
4.8MB
-
Sample
240426-tmkfkafc59
-
MD5
05f8682bbf2543d8a90620997be0b0d5
-
SHA1
6cf1198aff06b9f72bb7ad3d5d6d23212bdb8363
-
SHA256
83ce1b2bf3713bb3bee8052cb9632cc0604e9da50e204284fa3950db05f499a1
-
SHA512
a66d28a7b504babd2e9b5fdc512b0223a442788d0ab982be75940e2d8d4f61e55abff2e30414d9df69ef18f3f028218cebe3d17b6a26fc69a03de1bec3caf178
-
SSDEEP
98304:OrxnheVxVr1lzpFPdlNr3y1olj8aQ39B6:snheVXPdlF3eIwDW
Malware Config
Targets
-
-
Target
Escalibur.exe
-
Size
4.8MB
-
MD5
05f8682bbf2543d8a90620997be0b0d5
-
SHA1
6cf1198aff06b9f72bb7ad3d5d6d23212bdb8363
-
SHA256
83ce1b2bf3713bb3bee8052cb9632cc0604e9da50e204284fa3950db05f499a1
-
SHA512
a66d28a7b504babd2e9b5fdc512b0223a442788d0ab982be75940e2d8d4f61e55abff2e30414d9df69ef18f3f028218cebe3d17b6a26fc69a03de1bec3caf178
-
SSDEEP
98304:OrxnheVxVr1lzpFPdlNr3y1olj8aQ39B6:snheVXPdlF3eIwDW
Score10/10-
Detect ZGRat V1
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-