General
- Target: 5ed90a1f4d5e30a6a6d8a3d8aa3f84d875c0527d59ac4ef2cf549e829fb4a0b5
- Size: 690KB
- Sample: 240501-165n6shc3t
- MD5: ad4014cc2568c355da9f9f860d6c42e4
- SHA1: 296377a589dab944f543eeb8433b29d957b22d4a
- SHA256: 5ed90a1f4d5e30a6a6d8a3d8aa3f84d875c0527d59ac4ef2cf549e829fb4a0b5
- SHA512: ea71866536a8200be49e0edcc86e5cb78a1844692f97bb19f7d62008201babc6fdae26218be186375aea7d5d6c2897e7e81724b0481aec7897c7e3e2aa2c350b
- SSDEEP: 12288:cy90wPk7S6Fq6asuoGcOSsQV7vhmzWGM0/S2XB1wldCikLNUZNvoa:cyGXq6asuornNPGM0a2KgiK4Rn
Static task: static1
Behavioral task: behavioral1
- Sample: 5ed90a1f4d5e30a6a6d8a3d8aa3f84d875c0527d59ac4ef2cf549e829fb4a0b5.exe
- Resource: win10v2004-20240419-en
Malware Config
Targets
- Target: 5ed90a1f4d5e30a6a6d8a3d8aa3f84d875c0527d59ac4ef2cf549e829fb4a0b5
- Detect ZGRat V1
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Detects executables embedding a registry key / value combination indicative of disabling Windows Defender features
- Detects executables packed with ConfuserEx Mod
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)