General
-
Target
ccb0f5d2bbc7fbcd69c5341fc2cab1c0_NeikiAnalytics
-
Size
459KB
-
Sample
240510-m622dsag3v
-
MD5
ccb0f5d2bbc7fbcd69c5341fc2cab1c0
-
SHA1
064d12fa1a21334866c2c0fc06d2632b4604248b
-
SHA256
f9cbe2665abfa10c3aeda30363951397a22673f4e068f8a64563b156b46c8274
-
SHA512
ac72f9468de6967d6c44dd1e4c549bd773902e8611b4104de36f7a2d1732353b644dca3d9f22e1168a08106ded7e4176f9de3b5547923a32ba75bbc2cda467ed
-
SSDEEP
6144:RBQ4J4ZgQBW643RESjJMOGy6qtGeFTRRLTPYh4g51+lq99zwJ3ub0zDVUtWdRXRa:44J4ZH65jJMOQqUw05hyJVFU0dRXRa
Malware Config
Targets
-
-
Target
ccb0f5d2bbc7fbcd69c5341fc2cab1c0_NeikiAnalytics
-
Size
459KB
-
MD5
ccb0f5d2bbc7fbcd69c5341fc2cab1c0
-
SHA1
064d12fa1a21334866c2c0fc06d2632b4604248b
-
SHA256
f9cbe2665abfa10c3aeda30363951397a22673f4e068f8a64563b156b46c8274
-
SHA512
ac72f9468de6967d6c44dd1e4c549bd773902e8611b4104de36f7a2d1732353b644dca3d9f22e1168a08106ded7e4176f9de3b5547923a32ba75bbc2cda467ed
-
SSDEEP
6144:RBQ4J4ZgQBW643RESjJMOGy6qtGeFTRRLTPYh4g51+lq99zwJ3ub0zDVUtWdRXRa:44J4ZH65jJMOQqUw05hyJVFU0dRXRa
Score10/10-
Detect ZGRat V1
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-