General
Target: Yuqu_v_7.98.zip
Size: 312KB
Sample: 240513-ybkpeabh53
MD5: 2ec301ee8351ef1c26b0d20c8dfca571
SHA1: 7803bc561d9c2a45e5bbd7143322ac8e03af2a9e
SHA256: 58c5cdcc3d86ea378fbae69fbe43d6f47dd556d2b5343fd558f87f5450fba185
SHA512: 89800c85098f80c3d3096aa25ad5f6659bd07ea501143696596a7af53528b919f09a1e492c820856c424d74b0d042c13a3afad7ea5e5f7e0d1401c40337864f0
SSDEEP: 3072:BiSgAkHnjPIQ6KSEX/gHePaW+LN7DxRLlzglKz4i/4:JgAkHnjPIQBSE4+PCN7jBz4i/4

Static task: static1
Behavioral task: behavioral1
Sample: Yuqu_v_7.98.html
Resource: win7-20240508-en
Malware Config
Targets
Target: Yuqu_v_7.98.zip
Size: 312KB
MD5: 2ec301ee8351ef1c26b0d20c8dfca571
SHA1: 7803bc561d9c2a45e5bbd7143322ac8e03af2a9e
SHA256: 58c5cdcc3d86ea378fbae69fbe43d6f47dd556d2b5343fd558f87f5450fba185
SHA512: 89800c85098f80c3d3096aa25ad5f6659bd07ea501143696596a7af53528b919f09a1e492c820856c424d74b0d042c13a3afad7ea5e5f7e0d1401c40337864f0
SSDEEP: 3072:BiSgAkHnjPIQ6KSEX/gHePaW+LN7DxRLlzglKz4i/4:JgAkHnjPIQBSE4+PCN7jBz4i/4

- Detect ZGRat V1
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext