Extracted

• • Target

    9286cb2040e5f4e89d84e3b8ad0c9e771ca6f7f19774894c1d24d4a902918ea5

  • Size

    260KB

  • MD5

    d6dcf207acc66349b7b628552755df1c

  • SHA1

    7495a33e1b90f9a34b7a2c62de228e49646b3156

  • SHA256

    9286cb2040e5f4e89d84e3b8ad0c9e771ca6f7f19774894c1d24d4a902918ea5

  • SHA512

    72967726fd9158ad7b0d8118c35ab5d7abaf8d28ba485587d78a7345e1363d5270d75d98b5dcba909d6202807262d9f76b95d9284fb16325f5132a3931cbcfce

  • SSDEEP

    3072:yI0qv0p6bb3144JB3ZnDfbstlafUNLyqNYFltJEo2erC9ueTKEYlZ3nb59fy6UxF:Qqv0pMb3dJzobRY7BX+9DKEYTl9f4

  Score

  10^/10

  redlinezgrat5637482599discoveryinfostealerratspywarestealer

  • Detect ZGRat V1

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Legitimate hosting services abused for malware hosting/C2

  • Suspicious use of SetThreadContext

  behavioral1behavioral2