redline

Sharing

Copy URL

Twitter E-mail

General

Target

WaveTrial.zip
Size

36.3MB
Sample

240506-betedseg83
MD5

b2a179d5c8fafb2573f0c6ce19940ba7
SHA1

40daef6a2ecbf3a8dad5fd35148e7b98db143adf
SHA256

32f425cf60bc75a0e07aa17548404d3c655aa9c33024c6986f276ee6dd1e6052
SHA512

6c42b3a2e382dec5e870f961404e2cfd182e4534435dcb30417bd79232310e75ad1241252e7b1599ec4c4ef54647f2d2083c38ec70e1c7305f821a5d2d1c91e8
SSDEEP

786432:qrm8ldEIOy3vvyNmZbetuED1zOz0OcbD0BQaBKX+ltYlqfT:yELyHWeuD1TEBVBK4YEfT

Score

10^/10

Malware Config

Targets

- Target
  
  WaveTrial.zip
- Size
  
  36.3MB
- MD5
  
  b2a179d5c8fafb2573f0c6ce19940ba7
- SHA1
  
  40daef6a2ecbf3a8dad5fd35148e7b98db143adf
- SHA256
  
  32f425cf60bc75a0e07aa17548404d3c655aa9c33024c6986f276ee6dd1e6052
- SHA512
  
  6c42b3a2e382dec5e870f961404e2cfd182e4534435dcb30417bd79232310e75ad1241252e7b1599ec4c4ef54647f2d2083c38ec70e1c7305f821a5d2d1c91e8
- SSDEEP
  
  786432:qrm8ldEIOy3vvyNmZbetuED1zOz0OcbD0BQaBKX+ltYlqfT:yELyHWeuD1TEBVBK4YEfT
Score

1^/10
behavioral1
- Target
  
  CefSharp.Core.Runtime.pdb
- Size
  
  10.8MB
- MD5
  
  64ba7b5310401aca16a87445a11167c0
- SHA1
  
  c7ba9182422fb3a9a0f7eb125c903c3a7995e9bc
- SHA256
  
  f05c1d8c0cf0d01b3830ca7b3aac934d808da8ee39882f5cf5f8cfea2ea8242b
- SHA512
  
  361396b5fbc4fbf91f3efd9cd2d5d30bbc6453cf5e1f69e63e79f2c9a109c842898f53baed1682aa162a0ceb78f76870aa2aad4ac4fbc203daec473ec6e1a5a2
- SSDEEP
  
  49152:DEosQ6J4Um/AFM+Kovr2zq+z+i0y8+0OzA3FgBuxa2kq7Wy6JPek+IG7A6miwufD:ndxBxsS+OAM9rCBbrGwUIJP
Score

3^/10
behavioral2
- Target
  
  CefSharp.Wpf.dll
- Size
  
  114KB
- MD5
  
  36946182df277e84a313c3811adac855
- SHA1
  
  bcd21305861e22878271e37604b7b033ec347eb3
- SHA256
  
  8507a4662220eca49d7d511183be801cd394f13dc0e9898c55361020fe9a4720
- SHA512
  
  80b1e947b1940dccfe5be8a1ba1e8c1d9eacb122d73724a21233164f5b318fa57c249256f621f0f9c1e6a9e4c902eec58827bb899e20f2990f4ade1d685f1abd
- SSDEEP
  
  3072:tvd969S0dZqKLfGlAW9mLGKOiGfiVmVgGs0COe5w5tnR:tvb69SSZqKLfGlAW9iGliAVgGp3t
Score

1^/10
behavioral3
- Target
  
  CefSharp.dll
- Size
  
  272KB
- MD5
  
  715c534060757613f0286e1012e0c34a
- SHA1
  
  8bf44c4d87b24589c6f08846173015407170b75d
- SHA256
  
  f7ad2bbbeb43f166bbbf986bdb2b08c462603c240c605f1c6a7749c643dff3fe
- SHA512
  
  fcaec0c107a8703a8263ce5ccc64c2f5bfc01628756b2319fde21b0842652fbeee04c9f8f6d93f7200412d9bd9fad01494bc902501fb92e7d6b319f8d9db78d7
- SSDEEP
  
  3072:y79yn4VZ3fE1clgTTNmMnRGhH7gxNT5AL6GmAj9VB08OKNlUtrz+pyUU2Hu61:m3OKraRAEx7AL1mAjDB08jNlY+pmj6
Score

1^/10
behavioral4
- Target
  
  Microsoft.Bcl.AsyncInterfaces.dll
- Size
  
  26KB
- MD5
  
  420547c22653e59d5646cd9021b7bb34
- SHA1
  
  8abcaa4d9ab7ba7cbbae55622f16750dae196bda
- SHA256
  
  4d16c90604a38c9ff957e87f37d1cb22e1bd6c40418ee040e50c004a292e1b5c
- SHA512
  
  6f1f9499ac82015e1f2ebcf6d573f43012bcd31f25563f4b75d5ddb92e0c08e0e9b9979dde1c54a0fc4d625b19efcc780d80906a595a33970158ec6a06c55123
- SSDEEP
  
  384:POJWqnwmBbNAsW0VES2j0cX6dAl+NWaVzrdcoq5pWeL/Ww5kHRN78+L49R9zJcRJ:PulwmBhbVv2wK5GdcTu8+L69z6R2W
Score

1^/10
behavioral5
- Target
  
  Wave.exe
- Size
  
  456KB
- MD5
  
  b4508e023549a27e6e1691d654b3a4fa
- SHA1
  
  a5605aa85eb1529389e759fd81956cfd250e6576
- SHA256
  
  58cc58a5991d0e9c4c6e86050a3b61b99f6c096be57e8eab9d9a041d5599e76a
- SHA512
  
  758dee577d6568d6727434bf6cd5653b31e57c94982a907c27dbfdf73f73f29fd8a3490d959f460da357970a5dd1387ab9445bff9728ecced970b406dd0f1654
- SSDEEP
  
  12288:rW5NIYF4UncZ/943oNChD/M1slkD839+ytU6tLwCHo:a7IxZ/6r/VlkD8LtUIs0
Score

10^/10

redline zgrat discovery infostealer rat spyware stealer
- Detect ZGRat V1
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral6
- Target
  
  chrome_100_percent.pak
- Size
  
  682KB
- MD5
  
  d3e06f624bf92e9d8aecb16da9731c52
- SHA1
  
  565bdcbfcbfcd206561080c2000d93470417d142
- SHA256
  
  4ee67f0b0b9ad2898e0d70ddfad3541fbd37520686f9e827a845d1930a590362
- SHA512
  
  497126af59961054155fbb8c3789d6278a1f5426000342f25f54115429ff024e629783f50f0c5350500007854712b07f7d8174ecfe60d59c4fdd5f3d72dac262
- SSDEEP
  
  12288:jI3H1fJxjzgsz5B0GDJQrnKs8SNP+QSsSilRBiNz40D+cIXm4pEqoO0TehErw5:83VBx7zEEmPLSOiNz40KcUjpEqoO0TOR
Score

3^/10
behavioral7
- Target
  
  chrome_200_percent.pak
- Size
  
  1.1MB
- MD5
  
  34572fb491298ed95ad592351fb1f172
- SHA1
  
  4590080451f11ff4796d0774de3ff638410abdba
- SHA256
  
  c4363d6ecfa5770b021ce72cc7d2ab9be56b0ce88075ec051ad1de99b736dbbd
- SHA512
  
  e0e7deccb26b7df78d6193750bfb9aad575b807424a0a5d124bd944e568c1bb1ae29f584246f753d619081a48d2897815145028ffedd9488e9a8f102cdc67e2f
- SSDEEP
  
  24576:w3zB69p5zLmmibkFR8+mZR9hQumegvQtSP0KAwvdbbaV26edhOLoeu5:w3E53mNbkFRJmH9hQRhQsP0KVvdK2jrZ
Score

3^/10
behavioral8
- Target
  
  chrome_elf.dll
- Size
  
  1.3MB
- MD5
  
  5b3802f150c42ad6d24674ae78f9d3e8
- SHA1
  
  428139f0a862128e55e5231798f7c8e2df34a92a
- SHA256
  
  9f455612e32e5da431c7636773e34bd08dae79403cc8cf5b782b0ea4f1955799
- SHA512
  
  07afbd49e17d67957c65929ca7bdfe03b33b299c66c48aa738262da480ed945712d891be83d35bd42833d5465ef60e09c7a5956df0a369ec92d3bc2d25a09007
- SSDEEP
  
  24576:LcTZORTcbxjPziCdLI3ovs8t8+oaOzjY:LcTZYTOxjPzJdEoNa+2fY
Score

1^/10
behavioral9
- Target
  
  data/settings.json
- Size
  
  302B
- MD5
  
  1e722632ed48357c52053d253e2ca435
- SHA1
  
  a251dbb42716ed3d0e0aa1710d135bf77991e18c
- SHA256
  
  5b20eb5a38c50a5f8f650f5a600481d5d303441b65709c4c01ebb17954416d8e
- SHA512
  
  e77baeeb60488b4ab1fbd4231a78144f6c5963a8a87542baa3764a7a6ac29f3591c5fd4f1507dab6134104e1574882b435cebaccf0eb1111b9b1efaf77ffc8cf
Score

3^/10
behavioral10
- Target
  
  debug.log
- Size
  
  1.0MB
- MD5
  
  9d10d27c19e7c74f0fedab1e69d1b1b8
- SHA1
  
  acd8d3986379a02f6181b4ab37118586d9f0c5bb
- SHA256
  
  4e58c3eb7700be84bdbd77c877616e260a4e45aa24298a460e5b5c7db333d1c9
- SHA512
  
  0eb2738b04708ed0f3e8224213d7cd5eeeff23b281cfbf69ef1ed74e6a3470ff27a6513552ee9ad0a6c87745299e423bb6e497cda84cbe99f70d2a0fb4a487ec
- SSDEEP
  
  1536:gzGRtpqL9IfzBb5nZsIjhGhrLuc/o4njv74tlr/iQsxUfbExLYbTEB7SVJOFQh13:1sIjhB
Score

1^/10
behavioral11
- Target
  
  dist/server/index.js
- Size
  
  1.1MB
- MD5
  
  ec10dcf5055923fbfb484a5da24b8705
- SHA1
  
  520a15bf1a691c17619aa2752f2c28803d9be065
- SHA256
  
  265981a055949af0e5497e5ff677c8c404f60b82e1051df106d871dc6b476e73
- SHA512
  
  30485ea7ae0ca770275793873f6e5f5f658fd9d02345574152c49d3b2c48c0a56edfca074e04066eefcde6c340a94e1c7bf305068a4be00c48e40537f118d2ce
- SSDEEP
  
  12288:znenmgaIgUpEqBeO/UmPpM/sYDmatEyuxOAcOe3ZQQT:znqY5qLuwcuhgQQT
Score

3^/10

execution
behavioral12
- Target
  
  dist/shared/bin/en-us.json
- Size
  
  5.5MB
- MD5
  
  de2ac61fe7207c1b2f304b05fae4e39f
- SHA1
  
  72a4623fde7103eebcff4a55ccb8eb6acf6bbee8
- SHA256
  
  c8dd69f4f8f07ebe1c73a433bbf08f67e3bef3047c35251a243c3ac78f500647
- SHA512
  
  4d0be337f5d6f760fef3f79d14ef6835045e12e7eef5cf906a5f73841b01bd59d3171c31f63de34e5b44f791d5912f940fa391d96685532e0baeb7613526f8a8
- SSDEEP
  
  24576:xFxk0tadFplqZ8tb2xDMKUJHBg4wq96e/o:/Z4Bg4wq96e/o
Score

3^/10
behavioral13
- Target
  
  dist/shared/bin/globalTypes.d.luau
- Size
  
  418KB
- MD5
  
  4fb046cf2752a7e38784b9c223fc749a
- SHA1
  
  ec60cb7dca1a73001cffbcf858ec0a8714dbca1a
- SHA256
  
  89259d80bd757a1d0a5b47b5c7eac1d8f84071d71b49049dd49a37ef8dee727c
- SHA512
  
  763d7d904ae606b2e9692b46d5c18bab98eecd6973330f223da738f74f918530729df0ea8d91b976fc2787592d469c187bc027ad142dc5cef0d7b615948c7e13
- SSDEEP
  
  6144:siqczXlabtPJQc3zJqjFY/OSRlXAR6fTU4Dx0YvDr7YuHqkZhCd6dFyDWro/1SXB:SJQc3zJ5Dx+0
Score

3^/10
behavioral14
- Target
  
  dist/shared/bin/wave-luau.exe
- Size
  
  3.4MB
- MD5
  
  12fd29fcaf6f6518b8bf9e976928fa38
- SHA1
  
  1f9352e217518eaceefdd041e3f085ffbb93acb0
- SHA256
  
  d38d6297b4653f30397b7f45964ed99a70c8ab73d60063f68d3380c309e626a4
- SHA512
  
  b0c5bfb87639585564915f284ecff5af7e6664097ea3d9df6908c08ce09f9f6c31912225620bb7f7cf818efd6a7146280ce37e10ca7fb55bd381b95bb8a2189b
- SSDEEP
  
  49152:EIo5oIIIVWVNNNNNPpXqyJh0jtX6YNimufCiZ8ylLyfMAXyDiw1P6bNi/xeLZQpV:2hugpuTcdyPs+GJH/
Score

1^/10
behavioral15
- Target
  
  dist/shared/bin/wave.d.luau
- Size
  
  4KB
- MD5
  
  ec1e22fcdb56c0027ebc8cc4de1d0e64
- SHA1
  
  01c3295445117957e0aa1facbd2538d68b600c78
- SHA256
  
  65f300099bb14dc2ff2e2fc3a3ebda335d16433c08e317eeb4673cf106ed34a3
- SHA512
  
  090c6fa8ad2b0d1e8b4dd5d42759b6ee56e96786da9d7aba34040bf3daf5ca8c5d00c9cc10cd4b84e3ebe023b2c5550c237207902a29afa9bd9dd38757c93017
- SSDEEP
  
  48:1BBj5GSCuv70v7xGs7OU8q47BD4B8yp5x4pbpweqY+tYmPFYknFYE7Vf52+n+iQh:/uBfCDSTEUVldH/q
Score

3^/10
behavioral16
- Target
  
  dist/shared/configuration/default.json
- Size
  
  57B
- MD5
  
  e42f1d887517cfd8a654c536615fc28a
- SHA1
  
  7d4a21dedca4cd4dfa536e01f71273fcd40f5022
- SHA256
  
  b965cc02dce6f970fd577ade571fc6b7af6e50d9064c15078a51af8497eb5211
- SHA512
  
  2258265368006694dd80fe660bacafebe1f2105473073bdd7c0bcd51f2da62b197724c196fde659e4ca46608d3fa5bb664ac1e1b31bcd58439b366f1564f538c
Score

3^/10
behavioral17
- Target
  
  dist/shared/en-us.json
- Size
  
  5.5MB
- MD5
  
  de2ac61fe7207c1b2f304b05fae4e39f
- SHA1
  
  72a4623fde7103eebcff4a55ccb8eb6acf6bbee8
- SHA256
  
  c8dd69f4f8f07ebe1c73a433bbf08f67e3bef3047c35251a243c3ac78f500647
- SHA512
  
  4d0be337f5d6f760fef3f79d14ef6835045e12e7eef5cf906a5f73841b01bd59d3171c31f63de34e5b44f791d5912f940fa391d96685532e0baeb7613526f8a8
- SSDEEP
  
  24576:xFxk0tadFplqZ8tb2xDMKUJHBg4wq96e/o:/Z4Bg4wq96e/o
Score

3^/10
behavioral18
- Target
  
  dist/shared/globalTypes.d.luau
- Size
  
  430KB
- MD5
  
  a692690d37ead9365e4c92a145d7e554
- SHA1
  
  ddff78ba3c227adcedb0ad6f727594d9f496707f
- SHA256
  
  785c8a1755f03d35fc4336c9bd611162f3a845d33dfbccd6cd6c66b69647aa8a
- SHA512
  
  b427ad84bb25f7a5a6b40071e412e8ce90c8a9d0a8f09c5d4986fb29ba2e6de2d7052bfc13ee569bd080f1d5082f1fa9c277debec08283bf9650889e4f6c9c48
- SSDEEP
  
  6144:saaXnoQC9fdNKoL1D8TYqEJ75ZimGDyW3eoHeW+lZHtJnbbbwJcwd7D7:vaXnoQC9fzD8ZZ
Score

3^/10
behavioral19
- Target
  
  dist/shared/themes/oneDark.json
- Size
  
  46KB
- MD5
  
  0dce182167902b3acd7f4dfb40c34008
- SHA1
  
  8d01295c8fbf0234a9c566e2b6b5ca3b6b7117ac
- SHA256
  
  bfd5d43a1b3e2db7372ec27cf97db5003e9cc30359499cd6c8a4676a540b2f45
- SHA512
  
  171b2402b3871a84466faf06b53f7e1a8a543651e212297ecd4fcbff3ddce6c3ef1548f25befcf3d3652669ab5148ed7ca3e911ddf626ec94802b4790216ea31
- SSDEEP
  
  384:KYiTCLvHL/tAAIKvkZQphffe+GzNpaq5If5fgvGR6ZXHVHurFUzntZ2SsHhNzk5V:XLfgKvkZQphffe+GzNCOvJZXHznth5V
Score

3^/10
behavioral20
- Target
  
  dist/shared/wave-luau.exe
- Size
  
  3.4MB
- MD5
  
  ea9177735cde86b5acbd149795c2c28d
- SHA1
  
  83eeb9a45fdedb0ba08bf18854a0cb7a33e8cfaf
- SHA256
  
  3e435ffccc94d3bc915476654179430585517fa94b16fdf040b7de96ac30fdd8
- SHA512
  
  5227dcef88a72837d60faa73505c6700b7e07416eb4d178cbfb8f60564860ed897127a9ae20e1980ce9f2782dd467d977cc76c40e4aa7161f3defe95899379c7
- SSDEEP
  
  49152:IIo5oIIIpXiWyNNNNNO6kcWrVB1tcerNq+RWCifk8S3L9BO+uSUOXY9Z17N29UvB:+wQiUREezI9gfT
Score

1^/10
behavioral21
- Target
  
  dist/shared/wave.d.luau
- Size
  
  4KB
- MD5
  
  59d632df071daad600a90dcc9b3efaa5
- SHA1
  
  6272375c7a87dda2616e935e8a921e9af1fe37a3
- SHA256
  
  927a1b9adfb0962908b60a70c6903a5ff72a6893760ee73db581f2c310e91eb0
- SHA512
  
  d811869d50980256716733d04f4f77e9d6a223ff3c3844b513dd2826f8cb262e5011b2115c3dc4b24efb8743d5e430368b443356863fd639c4d0821c031b5e91
- SSDEEP
  
  48:1BBj5GSCuv70v7xGs7OU8q47BD4B8yp5x4pbpweqY+tYmPFYknFYE7Vf52+n+iQf:/uBfCDSTEUVldH/o
Score

3^/10
behavioral22
- Target
  
  dist/start.cmd
- Size
  
  11B
- MD5
  
  3a6deb11e01a2191a3819f0a6364d95c
- SHA1
  
  e6ecc23bfd21a7a237c4e036741e0806659e86fc
- SHA256
  
  51e2aec7acfef86caefa3739b1d373b29809156df836793ac15d4af93d32fea6
- SHA512
  
  01fe050212b12bab96d605674a93ae98e8f498dcc17815c0ea7233e42c005483c9f5de1dcde734987012830106f0b40dccadc42e566aac49ed3cf37e986eea01
Score

1^/10
behavioral23
- Target
  
  dxcompiler.dll
- Size
  
  20.8MB
- MD5
  
  141f621285ed586f9423844a83e8a03f
- SHA1
  
  9c58feee992c3d42383bde55f0ff7688bc3bd579
- SHA256
  
  5592056f52768ba41aad10785d21c1b18baf850a7e6a9e35526f43a55e6ada6d
- SHA512
  
  951a55bbe86a7ebecfc946bf1c9a8c629f0e09510089a79a352cd6d89b7c42e0e23fd4f26232b0e73bd6d4ec158b86728cda2ab25745abcabfafadd964b55896
- SSDEEP
  
  393216:5NfWHkWI4F8p4q8ZyfV+mq7q5oIB1p4bWpso:cTW4bWpso
Score

1^/10
behavioral24
- Target
  
  dxil.dll
- Size
  
  1.4MB
- MD5
  
  cb72bef6ce55aa7c9e3a09bd105dca33
- SHA1
  
  d48336e1c8215ccf71a758f2ff7e5913342ea229
- SHA256
  
  47ffdbd85438891b7963408ea26151ba26ae1b303bbdab3a55f0f11056085893
- SHA512
  
  c89eebcf43196f8660eee19ca41cc60c2a00d93f4b3bf118fe7a0deccb3f831cac0db04b2f0c5590fa8d388eb1877a3706ba0d58c7a4e38507c6e64cfd6a50a0
- SSDEEP
  
  24576:LCfhbh3v3mtZDiAQeWj26k41ob2nrZ1rqpegQDJqoZtp22GkmgA9u808jQPEdkr1:LCfhbh3v3mtEAQrW41obCraeRhy9ou6r
Score

1^/10
behavioral25
- Target
  
  icudtl.dat
- Size
  
  10.2MB
- MD5
  
  74bded81ce10a426df54da39cfa132ff
- SHA1
  
  eb26bcc7d24be42bd8cfbded53bd62d605989bbf
- SHA256
  
  7bf96c193befbf23514401f8f6568076450ade52dd1595b85e4dfcf3de5f6fb9
- SHA512
  
  bd7b7b52d31803b2d4b1fd8cb76481931ed8abb98d779b893d3965231177bdd33386461e1a820b384712013904da094e3cd15ee24a679ddc766132677a8be54a
- SSDEEP
  
  196608:WgPBhORiuQwCliXUxbblHa93Whli6Z26wO+:W8wkDliXUxbblHa93Whli6ZUF
Score

3^/10
behavioral26
- Target
  
  roexec.dll
- Size
  
  15.6MB
- MD5
  
  b7660cbe69220a479611763e49cd50e1
- SHA1
  
  2a89b9e56190204f7a776b6612d89baadaef911c
- SHA256
  
  0c0c9b140ac34f43a7252ec81007024bcad1d5d526762e518513ec20ff0e3a2a
- SHA512
  
  6b5aad55413600e57a7313779aed5868da49b6502bc2543eb675d582d0ba3ed0d1a153a7fdff04353c5019ee115c1ce01748548c24b679882be1f885be31b7ed
- SSDEEP
  
  196608:d7sdHFJiem2Ijbtm+4dqFgva0HLmhBpRK5vtWAL4Lq22+oWlsHawFM+OuKsgAyhP:WViXbtm+Kvv4Rivtz+oWXuKseRP8
Score

8^/10
- Blocklisted process makes network request
behavioral27
- Target
  
  websocket-sharp.dll
- Size
  
  244KB
- MD5
  
  7379936cac71973885587a3bc6fbb70b
- SHA1
  
  e72fec39314d7eb75f13c1ff0459515d95dd910c
- SHA256
  
  fb06ffceb4f8789c893d2f292e5810927dd7266d3bad68df2cedb8775500e8be
- SHA512
  
  d9da358bcc134232f6418d49fe98c427ad49fe8a212a2f166fcbf1718d0a8f8b0fa055caec30b267c6e4b1b4d687f08394830e3fadbae812c4b255abdf8c7b7a
- SSDEEP
  
  3072:ZLixO6zz8t4OXDegbQy058MP2pZrCmrrDse0ecdfF7b2gqEiyDvSmqtNlVusC519:Sn8nDenoRXoJF3bqEiyzZ5m1FsgU
Score

1^/10
behavioral28

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Detect ZGRat V1

RedLine payload

ZGRat

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Suspicious use of SetThreadContext

Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28