General
-
Target
f42363c9ca8325a47efd4f01f177702433d78ff8
-
Size
5.1MB
-
Sample
241106-qv5jxs1crf
-
MD5
21f4c75dc23cf4a2caa5d73d7ecc5405
-
SHA1
02428ce8ab84804e9d56f6ea847001611bc67fa4
-
SHA256
82ea10edc8a126ed26774707ebb6d5ce828268e260549bd75877fe256e06055f
-
SHA512
eec0704eedd154543f52225c051a2833706d785f85ca192d71a2f5f04010cffc1185c700efde6fbcb0e5729339b9d780891dd5566a6fed1007544b4548489633
-
SSDEEP
98304:xqb3rxxPd0T23L68nY/Xmuthjv3KdP1Nixptcj/hE9QyNXM:4b3VRm228n+bJv6dP1NiHtcuNXM
Behavioral task
behavioral1
Sample
WhatsApp/WhatsApp.exe
Resource
win7-20240903-en
Malware Config
Extracted
redline
ws-19
38.91.100.57:32750
-
auth_value
b8974207e31b05e60d39e04eba8eeb0b
Targets
-
-
Target
WhatsApp/WhatsApp.exe
-
Size
700.0MB
-
MD5
76e4e31dd3e40ac6790c83fa48419a55
-
SHA1
f42363c9ca8325a47efd4f01f177702433d78ff8
-
SHA256
661d2ed323c8703a7466774162972254589be4ab04abd6067d70ab44bc70d978
-
SHA512
78ae771f67d5c1c66d2e8ffc1f3dd398b6cd87c6ee813e6108e0f0c8cdfb8cd656c82d3ec4fff7b9d9f84c31e0cfd00b613150bb6eb22ad942c00a5aed379b8e
-
SSDEEP
98304:NCDnyTWzDCidsFXGAtljN36bZfRE7Rtc/vNK3egPJP:N2qM+idivVNKbZfREVtc0PJP
-
Detect ZGRat V2
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Zgrat family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Suspicious use of SetThreadContext
-