General
- Target: ExCheats Loader.exe
- Size: 435KB
- Sample: 240428-y3hdcsgb62
- MD5: 9faa97aeb1d886b560871f52c04e59e1
- SHA1: a58886013917c1da279bad487d142a8e5b3f9090
- SHA256: 836cf0a0d86d4a83d9e019d6cbed76ba42d3c41dac9bdc10e7f983ff041343f4
- SHA512: 41317af2324638328c1fbeda8a8592e65aec52f0b474d45152ab5d8acb9ee69612c3a9cbe465bb40e0e1bc7ca2239bd92cd9ca9310ce13c6876f4973e61a8ddb
- SSDEEP: 12288:tcY4vVKJcADX6Fze2V4VoPU6Rzl7tQQLOGpP:gkqA+1ebVoll7nL3P
Static task: static1
Behavioral task: behavioral1
- Sample: ExCheats Loader.exe
- Resource: win7-20240221-en
Malware Config
Targets
- Target: ExCheats Loader.exe
- Detect ZGRat V1
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext