Overview

overview

10

Static

static

3

x_debloated.exe

windows7-x64

3

x_debloated.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    x_debloated.exe

  • Size

    1.1MB

  • Sample

    240513-w2ngwagg8t

  • MD5

    007ce165ab3ed52fd01260e28583630e

  • SHA1

    e8940ff704d7545e2c4049cf556ebe6c4b13f07b

  • SHA256

    3478cb72674de4bbfbabd812e9383008bee123374ccdce446ceb8ed58a209b05

  • SHA512

    acd79dab95c89f6421626d07ffc291ad2f8fbcbef046cb9612820ea454c5f5d1b2f77713b69c07b3293c93fe53411eed2cd0d25a8da6bb97cc6d23a649f690bd

  • SSDEEP

    24576:lIHCA1uqM1oatbwvRpIgPAW88D6zNVBs6:EuqM1oatUvR/gjBn

Score
10/10
redlinezgratdiscoveryinfostealerratspywarestealer

Malware Config

Targets

    • Target

      x_debloated.exe

    • Size

      1.1MB

    • MD5

      007ce165ab3ed52fd01260e28583630e

    • SHA1

      e8940ff704d7545e2c4049cf556ebe6c4b13f07b

    • SHA256

      3478cb72674de4bbfbabd812e9383008bee123374ccdce446ceb8ed58a209b05

    • SHA512

      acd79dab95c89f6421626d07ffc291ad2f8fbcbef046cb9612820ea454c5f5d1b2f77713b69c07b3293c93fe53411eed2cd0d25a8da6bb97cc6d23a649f690bd

    • SSDEEP

      24576:lIHCA1uqM1oatbwvRpIgPAW88D6zNVBs6:EuqM1oatUvR/gjBn

    Score
    10/10
    redlinezgratdiscoveryinfostealerratspywarestealer

    • Detect ZGRat V1

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks