General
-
Target
TORONTO - BEST.zip
-
Size
8.2MB
-
Sample
240509-q821ysfh63
-
MD5
832a854209956f0f80ff7cc6dd79ccf8
-
SHA1
465cbe10a501fa08067c600c5e75212a12326ff6
-
SHA256
756bd1b6b32fb43874262844d1c398d5ab16a1524b9671af19d7e1049096ac8e
-
SHA512
7c3aa864ece298d30225b5cb6939cca374c1fb5a835239f526a92001a226b186a702fc7b1c19fd0656be70fb143bc7cf99c2189b1d9cb66f6fc1254d866baea0
-
SSDEEP
196608:0Vha9cbHapWlTZ9Yw94U+dlqvfGlnhf0Kk5bs3u+1Z:0/a9SXZHOU+6f8hf25Yu+z
Malware Config
Targets
-
-
Target
7z.dll
-
Size
1.6MB
-
MD5
72491c7b87a7c2dd350b727444f13bb4
-
SHA1
1e9338d56db7ded386878eab7bb44b8934ab1bc7
-
SHA256
34ad9bb80fe8bf28171e671228eb5b64a55caa388c31cb8c0df77c0136735891
-
SHA512
583d0859d29145dfc48287c5a1b459e5db4e939624bd549ff02c61eae8a0f31fc96a509f3e146200cdd4c93b154123e5adfbfe01f7d172db33968155189b5511
-
SSDEEP
24576:S+clx4tCQJSVAFja8i/RwQQmzgO67V3bYgR+zypEqxr2VSlLP:jclmJSVARa86xzW3xRoyqqxrT
Score1/10 -
-
-
Target
TORONTO.exe
-
Size
428KB
-
MD5
f01b98fc5d24395dbc3219624758fe94
-
SHA1
4ebcbbec3c980d5d8a03be926dbb2608f0163861
-
SHA256
20577a99d6c3fa639447096644f66fcb1b55b808de87a686749cfc7a658d3c38
-
SHA512
7fe5c3732657cc6140ff1c53437f43ede9399c2bd2a59722f0f5c59dd8ec064e877f185574236192a219db497febcadc72ac69d9cf931f1fa775cdea36a23f51
-
SSDEEP
6144:bJollhS4qdxjPxUUsDI6NioQMKNU3dnzeMutErZf5/9B9tuEwnlMLHt/kTpOgsme:9m/SNRuSNU35LyEJfBKEPLHt/q+KU
Score10/10-
Detect ZGRat V1
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-
-
-
Target
opengl32sw.dll
-
Size
20.0MB
-
MD5
7dbc97bfee0c7ac89da8d0c770c977b6
-
SHA1
a064c8d8967aaa4ada29bd9fefbe40405360412c
-
SHA256
963641a718f9cae2705d5299eae9b7444e84e72ab3bef96a691510dd05fa1da4
-
SHA512
286997501e1f5ce236c041dcb1a225b4e01c0f7c523c18e9835507a15c0ac53c4d50f74f94822125a7851fe2cb2fb72f84311a2259a5a50dce6f56ba05d1d7e8
-
SSDEEP
393216:LIckHor5uLnn83wAP5hxOZEa7/LzRuDFqILn5LgcKyZyQXt+8M:yEZbv
Score1/10 -