Extracted

• • Target

    f2c824ceda7cc9327670df2ee128d6ec9cc7c030f276054089cea05ccdc3ea1e.exe

  • Size

    260KB

  • MD5

    8b4a960892675fc44ecb3206e9263f2f

  • SHA1

    45d0bffd4522545e9a11c557dff2be2c574fe7d8

  • SHA256

    f2c824ceda7cc9327670df2ee128d6ec9cc7c030f276054089cea05ccdc3ea1e

  • SHA512

    b3f5e3df2253a458c76cc8ba0ed4109772fce02b2e5c142bbbd28e84b0123e8cb8e828e49f6a66a5a8b574d8a983127595e466c1a8e86340aef3abeae02c4125

  • SSDEEP

    6144:Oqv0vb3oJz/bnvdNdhcs0+fp8iagfJmWct2l:kb38/bnvddI+fp2gfstm

  Score

  10^/10

  redlinezgrat7001210066discoveryinfostealerratspywarestealer

  • Detect ZGRat V1

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Legitimate hosting services abused for malware hosting/C2

  • Suspicious use of SetThreadContext

  behavioral1behavioral2