redline

General

Target

58f18d547d87c9580e136ef3b0a6d030_NeikiAnalytics
Size

288KB
Sample

240510-ydqnfadh6v
MD5

58f18d547d87c9580e136ef3b0a6d030
SHA1

9ad5ad8aea39845475a8bb2b1210733207d9c744
SHA256

c2602b52ded3f627cf95cba8ce73cb7c87d0801e311ecc89d76f581a88de6a66
SHA512

fe94bf0c59b34e54ca7291fd202b44dcd03e9fb9901410e02daa42b49329f41e4b39d6624ad2945c8213a9937f247dce27b0e2c6388647b2d9b84ac7cb6b2163
SSDEEP

6144:CFwObbLaRweYyiBodebbws/X3T3pW/z6om1elSOsJucBllIyZq:wb+R1fe4sv1Wb6od0OsU2Xq

Score

10^/10

Malware Config

Targets

- Target
  
  58f18d547d87c9580e136ef3b0a6d030_NeikiAnalytics
- Size
  
  288KB
- MD5
  
  58f18d547d87c9580e136ef3b0a6d030
- SHA1
  
  9ad5ad8aea39845475a8bb2b1210733207d9c744
- SHA256
  
  c2602b52ded3f627cf95cba8ce73cb7c87d0801e311ecc89d76f581a88de6a66
- SHA512
  
  fe94bf0c59b34e54ca7291fd202b44dcd03e9fb9901410e02daa42b49329f41e4b39d6624ad2945c8213a9937f247dce27b0e2c6388647b2d9b84ac7cb6b2163
- SSDEEP
  
  6144:CFwObbLaRweYyiBodebbws/X3T3pW/z6om1elSOsJucBllIyZq:wb+R1fe4sv1Wb6od0OsU2Xq
Score

10^/10

redline zgrat discovery infostealer rat spyware stealer
- Detect ZGRat V1
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2

T1552

Credentials In Files

2

T1552.001

Discovery

Query Registry

1

T1012

Lateral Movement

Collection

Data from Local System

2

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Detect ZGRat V1

RedLine payload

ZGRat

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2