redline

General

Target

008d9913e8ce8bb934b93c559a2e32fa.bin
Size

2.6MB
Sample

240514-bcnfcscf41
MD5

33d9b1a7653cba44df600dc6e43e81fc
SHA1

e80026da5fad48dae73402afbe170bd9ab4c0adf
SHA256

72314ab54f1d53464f1f5aadb50448dae3a241a6e40ca4bd1b5bfa32e2b75b4d
SHA512

e5dbe39eac0474cbc8e2a5399f3820792bbbd0ad3a7787d4254aac5b9fc7f26a0b383ca8d0875510f67f49ea50b219da73924ebf0c925004bf49f0966b9fbd3b
SSDEEP

49152:ytXCpHmRo8kfp/effEmrXHFW35SHwbErdOvlfdG1w+RS6mv/74htCFx7O:Nm+d6coceSEpyBdG1Do6mv/MtCv7O

Score

10^/10

redline zgrat 1 infostealer rat spyware

Malware Config

Extracted

Family

redline

Botnet

1

C2

194.36.178.33:47454

Targets

- Target
  
  a65dc9cbe71f0efde3fd50729cf5576bfb4c870329eed8f90dcd0fc1b9aa97ba.exe
- Size
  
  3.4MB
- MD5
  
  008d9913e8ce8bb934b93c559a2e32fa
- SHA1
  
  10e863115463502aaea5c18f71e02221c6cd02db
- SHA256
  
  a65dc9cbe71f0efde3fd50729cf5576bfb4c870329eed8f90dcd0fc1b9aa97ba
- SHA512
  
  bb2650f0d776cc479b71987b3a5ef6338eb74b70de04b3628bdf8a1d48199b33d8050b6378b46a75cfba744a8800aa374474197018052184631c5edba0066d55
- SSDEEP
  
  98304:h8P8hjuTg6NzRkqDGHiR27pb0WAOfraP1:hkoyTgAj6N1b0WAOfraP1
Score

10^/10

zgrat rat redline 1 infostealer spyware
- Detect ZGRat V1
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1

T1552

Credentials In Files

1

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect ZGRat V1

RedLine payload

ZGRat

.NET Reactor proctector

Loads dropped DLL

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2