General
-
Target
c91c0745dcd02dbffa34747dd26e85e3e124a62d0812c125b6bc67792b66c8dc.exe
-
Size
13.3MB
-
Sample
240428-cevg5adg22
-
MD5
42c32b8ee377ce3bcf36f51fb7bc93a8
-
SHA1
819d0926c93704884a882967d820d6f753732d37
-
SHA256
c91c0745dcd02dbffa34747dd26e85e3e124a62d0812c125b6bc67792b66c8dc
-
SHA512
d9c5d1a4ab4c873d819a36d6b2219667d01cd5007a6c1f9c8828c5bd0f0907a56ec1cdf3339274805db53e572c1a259f8193ad8738e0f6e4b8caceec5a84b284
-
SSDEEP
393216:uEtDIsayzJASQzBVLw1HY80t92B3s6Mo85oZBn55i1C:uEVHZASUYH50tCVdmoZB55iA
Static task
static1
Behavioral task
behavioral1
Sample
c91c0745dcd02dbffa34747dd26e85e3e124a62d0812c125b6bc67792b66c8dc.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
c91c0745dcd02dbffa34747dd26e85e3e124a62d0812c125b6bc67792b66c8dc.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
c91c0745dcd02dbffa34747dd26e85e3e124a62d0812c125b6bc67792b66c8dc.exe
-
Size
13.3MB
-
MD5
42c32b8ee377ce3bcf36f51fb7bc93a8
-
SHA1
819d0926c93704884a882967d820d6f753732d37
-
SHA256
c91c0745dcd02dbffa34747dd26e85e3e124a62d0812c125b6bc67792b66c8dc
-
SHA512
d9c5d1a4ab4c873d819a36d6b2219667d01cd5007a6c1f9c8828c5bd0f0907a56ec1cdf3339274805db53e572c1a259f8193ad8738e0f6e4b8caceec5a84b284
-
SSDEEP
393216:uEtDIsayzJASQzBVLw1HY80t92B3s6Mo85oZBn55i1C:uEVHZASUYH50tCVdmoZB55iA
-
Detect ZGRat V1
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-