redline

General

Target

008d9913e8ce8bb934b93c559a2e32fa.bin.exe
Size

3.4MB
Sample

240512-qext5sbb37
MD5

008d9913e8ce8bb934b93c559a2e32fa
SHA1

10e863115463502aaea5c18f71e02221c6cd02db
SHA256

a65dc9cbe71f0efde3fd50729cf5576bfb4c870329eed8f90dcd0fc1b9aa97ba
SHA512

bb2650f0d776cc479b71987b3a5ef6338eb74b70de04b3628bdf8a1d48199b33d8050b6378b46a75cfba744a8800aa374474197018052184631c5edba0066d55
SSDEEP

98304:h8P8hjuTg6NzRkqDGHiR27pb0WAOfraP1:hkoyTgAj6N1b0WAOfraP1

Score

10^/10

redline zgrat 1 infostealer rat spyware

Malware Config

Extracted

Family

redline

Botnet

1

C2

194.36.178.33:47454

Targets

- Target
  
  008d9913e8ce8bb934b93c559a2e32fa.bin.exe
- Size
  
  3.4MB
- MD5
  
  008d9913e8ce8bb934b93c559a2e32fa
- SHA1
  
  10e863115463502aaea5c18f71e02221c6cd02db
- SHA256
  
  a65dc9cbe71f0efde3fd50729cf5576bfb4c870329eed8f90dcd0fc1b9aa97ba
- SHA512
  
  bb2650f0d776cc479b71987b3a5ef6338eb74b70de04b3628bdf8a1d48199b33d8050b6378b46a75cfba744a8800aa374474197018052184631c5edba0066d55
- SSDEEP
  
  98304:h8P8hjuTg6NzRkqDGHiR27pb0WAOfraP1:hkoyTgAj6N1b0WAOfraP1
Score

10^/10

zgrat rat redline 1 infostealer spyware
- Detect ZGRat V1
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1

T1552

Credentials In Files

1

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect ZGRat V1

RedLine payload

ZGRat

.NET Reactor proctector

Loads dropped DLL

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2