redline | 836cf0a0d86d4a83d9e019d6cbed76ba42d3c41dac9bdc10e7f983ff041343f4 | Triage

Submit
Reports

Overview

overview

Static

static

1

ExCheats Loader.exe

windows7-x64

ExCheats Loader.exe

windows10-2004-x64

Sharing

General

Target

ExCheats Loader.exe
Size

435KB
Sample

240428-y3hdcsgb62
MD5

9faa97aeb1d886b560871f52c04e59e1
SHA1

a58886013917c1da279bad487d142a8e5b3f9090
SHA256

836cf0a0d86d4a83d9e019d6cbed76ba42d3c41dac9bdc10e7f983ff041343f4
SHA512

41317af2324638328c1fbeda8a8592e65aec52f0b474d45152ab5d8acb9ee69612c3a9cbe465bb40e0e1bc7ca2239bd92cd9ca9310ce13c6876f4973e61a8ddb
SSDEEP

12288:tcY4vVKJcADX6Fze2V4VoPU6Rzl7tQQLOGpP:gkqA+1ebVoll7nL3P

Score

10^/10

redline zgrat discovery infostealer rat spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

ExCheats Loader.exe

Resource

win7-20240221-en

redline zgrat infostealer rat

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

ExCheats Loader.exe

Resource

win10v2004-20240226-en

redline zgrat discovery infostealer rat spyware stealer

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  ExCheats Loader.exe
- Size
  
  435KB
- MD5
  
  9faa97aeb1d886b560871f52c04e59e1
- SHA1
  
  a58886013917c1da279bad487d142a8e5b3f9090
- SHA256
  
  836cf0a0d86d4a83d9e019d6cbed76ba42d3c41dac9bdc10e7f983ff041343f4
- SHA512
  
  41317af2324638328c1fbeda8a8592e65aec52f0b474d45152ab5d8acb9ee69612c3a9cbe465bb40e0e1bc7ca2239bd92cd9ca9310ce13c6876f4973e61a8ddb
- SSDEEP
  
  12288:tcY4vVKJcADX6Fze2V4VoPU6Rzl7tQQLOGpP:gkqA+1ebVoll7nL3P
Score

10^/10

redline zgrat infostealer rat discovery spyware stealer
- Detect ZGRat V1
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redlinezgratinfostealerrat

behavioral2

redlinezgratdiscoveryinfostealerratspywarestealer

© 2018-2024

Terms | Privacy