redline | b345ffcbf819c6829dfbf2269d6dd5bb2e8a7ccb575eb9576f3b198afd0eb16f | Triage

Submit
Reports

Overview

overview

Static

static

2b8795c54c...81.exe

windows7-x64

2b8795c54c...81.exe

windows10-2004-x64

Sharing

General

Target

acfc823a15fbc0247f1974b9a7dc7cf8.bin
Size

2.7MB
Sample

240427-b4emjagd87
MD5

bf2e2057fcd0a7c40d26f088de8020d0
SHA1

4cc7bd8693ca25d5509ab9a967f9246366bcf3d8
SHA256

b345ffcbf819c6829dfbf2269d6dd5bb2e8a7ccb575eb9576f3b198afd0eb16f
SHA512

1b1b1d2bd39e68c95996ed7e2e1e7403a22c332b7abc32843c3ff567d622b7d366bb7e3e68bec73c08f99fadcebbebde9f4e28afe38410c07913421d593174a3
SSDEEP

49152:PQ7D8uEk/oOzNQmyYebCtg4p5rXXzLnpmLCNqEgqwV5iuQimpL:PowAoOzNQmy05p5rXjLnpbefuia

Score

10^/10

redline zgrat infostealer rat spyware

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

2b8795c54cc826e2f7c62a5c15088a1d9aa9ff31373abf710caacf4d0a5f1b81.exe

Resource

win7-20240215-en

redline zgrat infostealer rat spyware

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

2b8795c54cc826e2f7c62a5c15088a1d9aa9ff31373abf710caacf4d0a5f1b81.exe

Resource

win10v2004-20240419-en

redline zgrat infostealer rat

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  2b8795c54cc826e2f7c62a5c15088a1d9aa9ff31373abf710caacf4d0a5f1b81.exe
- Size
  
  3.8MB
- MD5
  
  acfc823a15fbc0247f1974b9a7dc7cf8
- SHA1
  
  3289cb74a353915117e7b1649acbff7449068018
- SHA256
  
  2b8795c54cc826e2f7c62a5c15088a1d9aa9ff31373abf710caacf4d0a5f1b81
- SHA512
  
  1429b568485669dd1376cf2082efa4dff7ac2042fab6ddc31889cb92087dfd4609399395935e47910f4c982f85e1e5b3dc6061e97258c5078a8791aa2d5b3568
- SSDEEP
  
  49152:2sr3b8LJA1/x5CQIcSlU9Jn03eHk5SyiZfOp7fgqjIr7vFKNrFeE:9fGJeHI2Jn0OHk5SbOpKwOE
Score

10^/10

redline zgrat infostealer rat spyware
- Detect ZGRat V1
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redlinezgratinfostealerratspyware

behavioral2

redlinezgratinfostealerrat

© 2018-2024

Terms | Privacy