General

  • Target

    a588719fde114a1cdc9dbb9218094c7485e28f5affdbd30ed6d6b2b4b2b5e57c

  • Size

    4.1MB

  • Sample

    240502-gs1nhsah5v

  • MD5

    7f002bf46850eb5824ec8a18a192259e

  • SHA1

    2d5c41cb3dd874e735dee3081657629cf51f4232

  • SHA256

    a588719fde114a1cdc9dbb9218094c7485e28f5affdbd30ed6d6b2b4b2b5e57c

  • SHA512

    2f634d38ec7150fcdd768d63eae8f0eb74b91d03d5f750a4ca164a8a5fcd815f7613d1151efdee3289ac994358d6163575f59f367d9b6440c1f5830005abf173

  • SSDEEP

    49152:Les/XZr3JpblfAGf8qgYVwrQ659tRe0TrjDhw2Gk1ep80tcYapIOovxbw/:LeaZr3nbN3gY9I9t/rvhwo1Q8nY5Hv

Malware Config

Extracted

Family

redline

Botnet

BildNew1

C2

45.140.167.55:14878

Targets

    • Detect ZGRat V1

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks