General
Target: acfc823a15fbc0247f1974b9a7dc7cf8.bin
Size: 2.7MB
Sample: 240427-b4emjagd87
MD5: bf2e2057fcd0a7c40d26f088de8020d0
SHA1: 4cc7bd8693ca25d5509ab9a967f9246366bcf3d8
SHA256: b345ffcbf819c6829dfbf2269d6dd5bb2e8a7ccb575eb9576f3b198afd0eb16f
SHA512: 1b1b1d2bd39e68c95996ed7e2e1e7403a22c332b7abc32843c3ff567d622b7d366bb7e3e68bec73c08f99fadcebbebde9f4e28afe38410c07913421d593174a3
SSDEEP: 49152:PQ7D8uEk/oOzNQmyYebCtg4p5rXXzLnpmLCNqEgqwV5iuQimpL:PowAoOzNQmy05p5rXjLnpbefuia
Behavioral task: behavioral1
Sample: 2b8795c54cc826e2f7c62a5c15088a1d9aa9ff31373abf710caacf4d0a5f1b81.exe
Resource: win7-20240215-en

Behavioral task: behavioral2
Sample: 2b8795c54cc826e2f7c62a5c15088a1d9aa9ff31373abf710caacf4d0a5f1b81.exe
Resource: win10v2004-20240419-en
Malware Config
Targets

Target: 2b8795c54cc826e2f7c62a5c15088a1d9aa9ff31373abf710caacf4d0a5f1b81.exe
Size: 3.8MB
MD5: acfc823a15fbc0247f1974b9a7dc7cf8
SHA1: 3289cb74a353915117e7b1649acbff7449068018
SHA256: 2b8795c54cc826e2f7c62a5c15088a1d9aa9ff31373abf710caacf4d0a5f1b81
SHA512: 1429b568485669dd1376cf2082efa4dff7ac2042fab6ddc31889cb92087dfd4609399395935e47910f4c982f85e1e5b3dc6061e97258c5078a8791aa2d5b3568
SSDEEP: 49152:2sr3b8LJA1/x5CQIcSlU9Jn03eHk5SyiZfOp7fgqjIr7vFKNrFeE:9fGJeHI2Jn0OHk5SbOpKwOE
Score: 10/10

Note: the submitted file in the General section (acfc823a15fbc0247f1974b9a7dc7cf8.bin, 2.7MB, MD5 bf2e2057fcd0a7c40d26f088de8020d0) and this 3.8MB executable are two distinct artifacts with distinct hashes; the .bin is named after the executable's MD5. Match indicators against the artifact you actually hold.

Signatures
Detect ZGRat V1
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of SetThreadContext
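The report lists two artifacts with different digests, so the first thing an analyst does with a file on disk is confirm which of the two it is. The script below is an added example, not part of the sandbox report or of any tool it names: it recomputes MD5, SHA1, SHA256 and SHA512 for a local file (the path is the caller's) and compares them with the values published above. It treats a file as confirmed only when all four digests agree, and flags a single-algorithm match as untrusted. SSDEEP is not recomputed because that needs a third-party module; the stdlib is enough for the rest.

```python
"""Digest check for the two artifacts listed in this report.

Added example, not part of the sandbox report or of any tool it names.
It recomputes MD5/SHA1/SHA256/SHA512 for a local file and compares them
with the values published above, so an analyst can confirm that a file
on disk is the submitted container (.bin) or the extracted executable
before handling it further. Stdlib only: SSDEEP is not recomputed here
because that needs a third-party module.
"""
import hashlib
import sys
from typing import Iterable

ALGOS = ("md5", "sha1", "sha256", "sha512")

# Reference digests copied from the report above.
REPORT_ARTIFACTS = {
    "acfc823a15fbc0247f1974b9a7dc7cf8.bin": {
        "md5": "bf2e2057fcd0a7c40d26f088de8020d0",
        "sha1": "4cc7bd8693ca25d5509ab9a967f9246366bcf3d8",
        "sha256": "b345ffcbf819c6829dfbf2269d6dd5bb2e8a7ccb575eb9576f3b198afd0eb16f",
        "sha512": "1b1b1d2bd39e68c95996ed7e2e1e7403a22c332b7abc32843c3ff567d622b7d3"
                  "66bb7e3e68bec73c08f99fadcebbebde9f4e28afe38410c07913421d593174a3",
    },
    "2b8795c54cc826e2f7c62a5c15088a1d9aa9ff31373abf710caacf4d0a5f1b81.exe": {
        "md5": "acfc823a15fbc0247f1974b9a7dc7cf8",
        "sha1": "3289cb74a353915117e7b1649acbff7449068018",
        "sha256": "2b8795c54cc826e2f7c62a5c15088a1d9aa9ff31373abf710caacf4d0a5f1b81",
        "sha512": "1429b568485669dd1376cf2082efa4dff7ac2042fab6ddc31889cb92087dfd46"
                  "09399395935e47910f4c982f85e1e5b3dc6061e97258c5078a8791aa2d5b3568",
    },
}


def digest_chunks(chunks: Iterable[bytes]) -> dict:
    """Hash a stream of byte chunks with all four algorithms in one pass."""
    hashers = {algo: hashlib.new(algo) for algo in ALGOS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def digest_bytes(data: bytes) -> dict:
    return digest_chunks([data])


def digest_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Stream the file so multi-megabyte samples are not read whole."""
    with open(path, "rb") as fh:
        return digest_chunks(iter(lambda: fh.read(chunk_size), b""))


def match_report(digests: dict) -> dict:
    """Map artifact name -> set of algorithms whose digest matched."""
    hits = {}
    for name, ref in REPORT_ARTIFACTS.items():
        matched = {algo for algo in ALGOS if digests.get(algo) == ref[algo]}
        if matched:
            hits[name] = matched
    return hits


def verdict(digests: dict) -> str:
    """Confirm only when every published digest agrees.

    A partial match (say, MD5 alone) is reported but not trusted: MD5 and
    SHA1 collisions are practical, and a single transcribed hash can be
    wrong, so the stronger digests must agree too.
    """
    hits = match_report(digests)
    for name, algos in hits.items():
        if algos == set(ALGOS):
            return f"confirmed: {name}"
    for name, algos in hits.items():
        return f"partial match on {name} ({', '.join(sorted(algos))}); do not trust"
    return "unknown: no digest in this report matches"


if __name__ == "__main__":
    # Usage: python check_hashes.py <file> [<file> ...]
    for arg in sys.argv[1:]:
        print(arg, "->", verdict(digest_file(arg)))
```

Run it against the file you were handed; a "confirmed" line names which of the two artifacts it is, and anything else means you are not looking at the sample this report describes.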