redline | ee348f845ad37552a32b0643002b39614abab46eb7cba0788a4fe75ce5191c6c | Triage

Submit
Reports

Overview

overview

Static

static

1

Aquantia_S...21.exe

windows11-21h2-x64

Resubmissions

12-05-2024 16:17

240512-trvr4adh71 10

12-05-2024 16:04

240512-th9vnade4x 10

Sharing

General

Target

Aquantia_Setup 2.21.exe
Size

368KB
Sample

240512-trvr4adh71
MD5

f77b3165615ad09f0dec44af2746fc36
SHA1

7b6bc037c7c82534805a739e93a14a34cffb15de
SHA256

ee348f845ad37552a32b0643002b39614abab46eb7cba0788a4fe75ce5191c6c
SHA512

a002681e303d6ffa165e9500c9a64e23ccda58f503d182d397f25cf9661fa2268a6da750f7af12eac1d90c3fe7c2853f0ba8f2f42badd8a353fac176774a5565
SSDEEP

6144:su1A7hb59pvaOKDpV1aUDTssIIE4dnW4hqHAJwtPzhAgr7NHiNI6espZ:sQAX9Qr1aUD4s8ZzKgoaPspZ

Score

10^/10

redline zgrat discovery infostealer rat spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Aquantia_Setup 2.21.exe

Resource

win11-20240508-en

redline zgrat discovery infostealer rat spyware stealer

windows11-21h2-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  Aquantia_Setup 2.21.exe
- Size
  
  368KB
- MD5
  
  f77b3165615ad09f0dec44af2746fc36
- SHA1
  
  7b6bc037c7c82534805a739e93a14a34cffb15de
- SHA256
  
  ee348f845ad37552a32b0643002b39614abab46eb7cba0788a4fe75ce5191c6c
- SHA512
  
  a002681e303d6ffa165e9500c9a64e23ccda58f503d182d397f25cf9661fa2268a6da750f7af12eac1d90c3fe7c2853f0ba8f2f42badd8a353fac176774a5565
- SSDEEP
  
  6144:su1A7hb59pvaOKDpV1aUDTssIIE4dnW4hqHAJwtPzhAgr7NHiNI6espZ:sQAX9Qr1aUD4s8ZzKgoaPspZ
Score

10^/10

redline zgrat discovery infostealer rat spyware stealer
- Detect ZGRat V1
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinezgratdiscoveryinfostealerratspywarestealer

© 2018-2024

Terms | Privacy