Overview

overview

10

Static

static

3

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    af3da11eef1431bcb68987d8bd429aa9525a2c88533611be3f5e0372fb1cfff1

  • Size

    1.0MB

  • Sample

    240429-ek9kcahg9s

  • MD5

    d80ee0387601fc411ec7f13aa013a843

  • SHA1

    cdaa93245c408fe0cd743cc1665ab6e5bb949acc

  • SHA256

    af3da11eef1431bcb68987d8bd429aa9525a2c88533611be3f5e0372fb1cfff1

  • SHA512

    be0e35c0af4adade2d50d91445dca2ea3f9741bfa0f6436c7c1daf69056db6d33a7bfde87ecacd36ed828d637efce1b164c3286a3dcffe35b09051b063dc6cd7

  • SSDEEP

    24576:GoAzDsD9ZTu5+skuIms5/nVKW/ClbnKMzCQOQoi:PEDsxY/kHms5/nVK1j7gt

Score
10/10
redlinestealczgratinfostealerratspywarestealer

Malware Config

Extracted

Family

stealc

C2

http://95.164.2.59

Targets

    • Target

      af3da11eef1431bcb68987d8bd429aa9525a2c88533611be3f5e0372fb1cfff1

    • Size

      1.0MB

    • MD5

      d80ee0387601fc411ec7f13aa013a843

    • SHA1

      cdaa93245c408fe0cd743cc1665ab6e5bb949acc

    • SHA256

      af3da11eef1431bcb68987d8bd429aa9525a2c88533611be3f5e0372fb1cfff1

    • SHA512

      be0e35c0af4adade2d50d91445dca2ea3f9741bfa0f6436c7c1daf69056db6d33a7bfde87ecacd36ed828d637efce1b164c3286a3dcffe35b09051b063dc6cd7

    • SSDEEP

      24576:GoAzDsD9ZTu5+skuIms5/nVKW/ClbnKMzCQOQoi:PEDsxY/kHms5/nVK1j7gt

    Score
    10/10
    stealcstealerredlinezgratinfostealerratspyware

    • Detect ZGRat V1

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Stealc

      Stealc is an infostealer written in C++.

      stealerstealc

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks