General

  • Target

    9DB696D411E33A3A68DB18B8A1680112.exe

  • Size

    7KB

  • Sample

    240503-z96j7sfc51

  • MD5

    9db696d411e33a3a68db18b8a1680112

  • SHA1

    8ad3f5f7730ba7db2b656b3ea080e743115980e4

  • SHA256

    94f46a73df32470400d1fc25336146155321a04c4eec0f40cb8527db702499e3

  • SHA512

    c998e1070f4375121cbfc0bbf8421db5f5ef9891edb5610d4d50fcbd5222d0f33121f38b72730d038d63e092f24067b5b74b5c59b31cdcd97364c0812d08951b

  • SSDEEP

    96:bz7UDyrF4xhsty0BoaJt+lYn5euWY+tn4XgPPH6My3JK2VOf2dfeazNt:PSuF8hsty0qUt+lUeuHO+gn6My4q1

Malware Config

Extracted

Family

redline

Botnet

murder - first build

C2

109.120.178.235:26632

Targets

    • Target

      9DB696D411E33A3A68DB18B8A1680112.exe

    • Size

      7KB

    • MD5

      9db696d411e33a3a68db18b8a1680112

    • SHA1

      8ad3f5f7730ba7db2b656b3ea080e743115980e4

    • SHA256

      94f46a73df32470400d1fc25336146155321a04c4eec0f40cb8527db702499e3

    • SHA512

      c998e1070f4375121cbfc0bbf8421db5f5ef9891edb5610d4d50fcbd5222d0f33121f38b72730d038d63e092f24067b5b74b5c59b31cdcd97364c0812d08951b

    • SSDEEP

      96:bz7UDyrF4xhsty0BoaJt+lYn5euWY+tn4XgPPH6My3JK2VOf2dfeazNt:PSuF8hsty0qUt+lUeuHO+gn6My4q1

    • Detect ZGRat V1

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • ZGRat

      ZGRat is remote access trojan written in C#.

    • Deletes itself

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks