redline | 4bf36954d0e3a086f4ea0a2f54ead1afc474a7e145296dd3e13c9a23db3e7bac | Triage

Submit
Reports

Overview

overview

Static

static

1

LucidSwapper.zip

windows11-21h2-x64

Sharing

General

Target

LucidSwapper.zip
Size

16.4MB
Sample

240515-kvarnahh61
MD5

5e3f7d7cd2a9e777c7715b4113be0e9c
SHA1

e8b8b6da84866bf8f52d250370d69cd8b7e374e8
SHA256

4bf36954d0e3a086f4ea0a2f54ead1afc474a7e145296dd3e13c9a23db3e7bac
SHA512

17b65231264848d249e86d647ca5f5fdb2b4a707b8108f81b1770daae9e0655c03ed44479bc2ad4b625eddc0ef2e62da5a0f7030c8a1c380600f343fb8a2b910
SSDEEP

393216:MBJ79H3N9bPsbw7FBzILfllYfFQVxse3VoOx:MBN9d97tRBzskfFEsGB

Score

10^/10

redline zgrat discovery infostealer rat spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

LucidSwapper.zip

Resource

win11-20240508-en

redline zgrat discovery infostealer rat spyware stealer

windows11-21h2-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  LucidSwapper.zip
- Size
  
  16.4MB
- MD5
  
  5e3f7d7cd2a9e777c7715b4113be0e9c
- SHA1
  
  e8b8b6da84866bf8f52d250370d69cd8b7e374e8
- SHA256
  
  4bf36954d0e3a086f4ea0a2f54ead1afc474a7e145296dd3e13c9a23db3e7bac
- SHA512
  
  17b65231264848d249e86d647ca5f5fdb2b4a707b8108f81b1770daae9e0655c03ed44479bc2ad4b625eddc0ef2e62da5a0f7030c8a1c380600f343fb8a2b910
- SSDEEP
  
  393216:MBJ79H3N9bPsbw7FBzILfllYfFQVxse3VoOx:MBN9d97tRBzskfFEsGB
Score

10^/10

redline zgrat discovery infostealer rat spyware stealer
- Detect ZGRat V1
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redlinezgratdiscoveryinfostealerratspywarestealer

© 2018-2024

Terms | Privacy