Overview

overview

10

Static

static

10

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    345b168de81cbf53225f11d12979b9ecf75b7d5cccda6bf2e3d31a5aa482b9a5

  • Size

    455KB

  • Sample

    240509-2rc62sed67

  • MD5

    70c8adb1ad494da6b69aadbd433962ae

  • SHA1

    ec00cdba9ffa26031360f54f0645254543eab580

  • SHA256

    345b168de81cbf53225f11d12979b9ecf75b7d5cccda6bf2e3d31a5aa482b9a5

  • SHA512

    9b20168572e563e66733fcff1193b42f3da465b10439acb4b84796e1920314ffd569c45d58c1ce923fe0f19f7cc52a814391a27068bb0de47590ecdcf4db8ca1

  • SSDEEP

    12288:Ob3DM5I9krYKxFT/4ZmadeHmjzLj49gmHDo/w1:Ob3FGrYKPT/Sel9gmHX1

Score
10/10
redlinezgratlogsdiller cloud (tg: @logsdillabot)infostealerrat

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

5.42.65.96:28380

Targets

    • Target

      345b168de81cbf53225f11d12979b9ecf75b7d5cccda6bf2e3d31a5aa482b9a5

    • Size

      455KB

    • MD5

      70c8adb1ad494da6b69aadbd433962ae

    • SHA1

      ec00cdba9ffa26031360f54f0645254543eab580

    • SHA256

      345b168de81cbf53225f11d12979b9ecf75b7d5cccda6bf2e3d31a5aa482b9a5

    • SHA512

      9b20168572e563e66733fcff1193b42f3da465b10439acb4b84796e1920314ffd569c45d58c1ce923fe0f19f7cc52a814391a27068bb0de47590ecdcf4db8ca1

    • SSDEEP

      12288:Ob3DM5I9krYKxFT/4ZmadeHmjzLj49gmHDo/w1:Ob3FGrYKPT/Sel9gmHX1

    Score
    10/10
    redlinezgratlogsdiller cloud (tg: @logsdillabot)infostealerrat

    • Detect ZGRat V1

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks