redline

General

Target

D2.zip
Size

565KB
Sample

240513-wba4vsff5v
MD5

c6bfcaf55a8ad83b1252bd48d702be55
SHA1

4908b7ba51a3974d1dfb6e0b7555469c9fbc2b8c
SHA256

4f260fbc7bde713d22a14689bdbf178e0f6ce58bd4be3d291b4db9be07857474
SHA512

5a258c2c70b90c3723deca4f3542312000c5da281be1be0aed54ae41e5cf0a5ebf8c6cc33c1df1b09bfc6ca2c87541c4821f5a62b448c406514f25ef24a8db4b
SSDEEP

12288:tayqb/55fO/qI0l9CRJmZMXywExzu1CYuBhvnFE:tVqbDOiI0l9imZ9zu1CdBJi

Score

10^/10

Malware Config

Targets

- Target
  
  D2
- Size
  
  1.2MB
- MD5
  
  257e39d3303af1aeb617348d24f6fd6d
- SHA1
  
  312a83b35ecb90068d845736b85157d4832c5224
- SHA256
  
  79c1b2807322559ab1996ef9f704a4ae213d0b282c5f3972862eb1039a54edde
- SHA512
  
  d88ff532f4e396ffef520f6f0ab7c9711cfe25c4cfd2e3ba84f7a8de6fc2d94942c54f66c467037d0000852b8539974b8d43c7ca754b012e6472b2d1eee9cd0b
- SSDEEP
  
  24576:/KxiiAH280V6GfVDeRzFZMskrfQDmUx5Da1adHJFsF:/KAOV6GfVDePey7pdJFsF
Score

10^/10

redline zgrat discovery infostealer rat spyware stealer
- Detect ZGRat V1
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2

T1552

Credentials In Files

2

T1552.001

Discovery

Query Registry

1

T1012

Lateral Movement

Collection

Data from Local System

2

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Detect ZGRat V1

RedLine payload

ZGRat

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2