redline | ba79b2887bebb3e525e8f24f413c84a2531852e936a7ab5d5a7f4fdec24a1d7b | Triage

Submit
Reports

Overview

overview

Static

static

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

ba79b2887bebb3e525e8f24f413c84a2531852e936a7ab5d5a7f4fdec24a1d7b
Size

260KB
Sample

240506-qet39ace5y
MD5

a9b1534950e681c10a65fd1a7c47c495
SHA1

5922f94b1624731e3eae256851bed0116013221a
SHA256

ba79b2887bebb3e525e8f24f413c84a2531852e936a7ab5d5a7f4fdec24a1d7b
SHA512

fe5c872aa444dbc479bdb39c4d0b1d0d125e1d903c361be65f7f34d39685e18176d1331228492739a315c1c908496d3ddb0420550adfd2cd0e8bea12d0a2d65f
SSDEEP

6144:yqv0dfb33JzIFGMjJ6fu4nA06NlWVu9ge:ab3lIFGemh6SG

Score

10^/10

redline zgrat 708370717 discovery infostealer rat spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

ba79b2887bebb3e525e8f24f413c84a2531852e936a7ab5d5a7f4fdec24a1d7b.exe

Resource

win10v2004-20240226-en

redline zgrat 708370717 discovery infostealer rat spyware stealer

windows10-2004-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

ba79b2887bebb3e525e8f24f413c84a2531852e936a7ab5d5a7f4fdec24a1d7b.exe

Resource

win11-20240419-en

redline zgrat 708370717 discovery infostealer rat spyware stealer

windows11-21h2-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

708370717

C2

https://pastebin.com/raw/KE5Mft0T

Targets

- Target
  
  ba79b2887bebb3e525e8f24f413c84a2531852e936a7ab5d5a7f4fdec24a1d7b
- Size
  
  260KB
- MD5
  
  a9b1534950e681c10a65fd1a7c47c495
- SHA1
  
  5922f94b1624731e3eae256851bed0116013221a
- SHA256
  
  ba79b2887bebb3e525e8f24f413c84a2531852e936a7ab5d5a7f4fdec24a1d7b
- SHA512
  
  fe5c872aa444dbc479bdb39c4d0b1d0d125e1d903c361be65f7f34d39685e18176d1331228492739a315c1c908496d3ddb0420550adfd2cd0e8bea12d0a2d65f
- SSDEEP
  
  6144:yqv0dfb33JzIFGMjJ6fu4nA06NlWVu9ge:ab3lIFGemh6SG
Score

10^/10

redline zgrat 708370717 discovery infostealer rat spyware stealer
- Detect ZGRat V1
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

redlinezgrat708370717discoveryinfostealerratspywarestealer

behavioral2

redlinezgrat708370717discoveryinfostealerratspywarestealer

© 2018-2025

Terms | Privacy