Overview

overview

10

Static

static

10

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    efc1cf307c9475a3c3ffdf3fcdeac5a712c9863242a2bbb043d64c25a143d0df

  • Size

    4.1MB

  • Sample

    240429-et3hdshh45

  • MD5

    a8f21ffc9630c023fd163af0da7ead26

  • SHA1

    a4d39a5c6fc506eddd267ed4174ff3986f168121

  • SHA256

    efc1cf307c9475a3c3ffdf3fcdeac5a712c9863242a2bbb043d64c25a143d0df

  • SHA512

    4e45af34c726c3a902d8c69ee25935be31ec9c9cde1100f448093c3d00fb7fa04d1c0fc36139a32844977eb6aead8e5b0eb19a92649f773870c5511e3036f2d5

  • SSDEEP

    49152:UZpwrL+M9T9fSRvgwJl5FQsSRWZwpx1BcRj0wRUAAV7DW1lDj66Na0BYrM4:UyL9aUsSRCw/1Bc1opVDWvfNaOyM4

Score
10/10
redlinezgratinfostealerratspyware

Malware Config

Targets

    • Target

      efc1cf307c9475a3c3ffdf3fcdeac5a712c9863242a2bbb043d64c25a143d0df

    • Size

      4.1MB

    • MD5

      a8f21ffc9630c023fd163af0da7ead26

    • SHA1

      a4d39a5c6fc506eddd267ed4174ff3986f168121

    • SHA256

      efc1cf307c9475a3c3ffdf3fcdeac5a712c9863242a2bbb043d64c25a143d0df

    • SHA512

      4e45af34c726c3a902d8c69ee25935be31ec9c9cde1100f448093c3d00fb7fa04d1c0fc36139a32844977eb6aead8e5b0eb19a92649f773870c5511e3036f2d5

    • SSDEEP

      49152:UZpwrL+M9T9fSRvgwJl5FQsSRWZwpx1BcRj0wRUAAV7DW1lDj66Na0BYrM4:UyL9aUsSRCw/1Bc1opVDWvfNaOyM4

    Score
    10/10
    zgratratredlineinfostealerspyware

    • Detect ZGRat V1

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • .NET Reactor proctector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks