General

  • Target

    661d2ed323c8703a7466774162972254589be4ab04abd6067d70ab44bc70d978

  • Size

    700.0MB

  • Sample

    241108-3wyh8avpgq

  • MD5

    76e4e31dd3e40ac6790c83fa48419a55

  • SHA1

    f42363c9ca8325a47efd4f01f177702433d78ff8

  • SHA256

    661d2ed323c8703a7466774162972254589be4ab04abd6067d70ab44bc70d978

  • SHA512

    78ae771f67d5c1c66d2e8ffc1f3dd398b6cd87c6ee813e6108e0f0c8cdfb8cd656c82d3ec4fff7b9d9f84c31e0cfd00b613150bb6eb22ad942c00a5aed379b8e

  • SSDEEP

    98304:NCDnyTWzDCidsFXGAtljN36bZfRE7Rtc/vNK3egPJP:N2qM+idivVNKbZfREVtc0PJP
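Before relying on this report for a local copy of the sample, confirm the copy is the same file. The following Python is an added example, not part of the Triage report or its tooling: it hashes a file once and compares the result with the digests and size listed above. Since the sample is 700.0MB, feeding each chunk to all four hashers in one pass avoids reading the file four times. The size tolerance, the assumption that "MB" means MiB, and the self-check bytes are constructed assumptions.

```python
# Added example (not part of the Triage report or its tooling): verify a local
# copy of the sample against the hashes listed under "General". The file is
# read once and every chunk goes to all four hashers. The MiB base for the
# reported size and the rounding tolerance are assumptions; the bytes used in
# hash_bytes() self-checks are constructed and are not the sample.
import hashlib
import io

# Values copied from the report's General section.
REPORTED = {
    "md5": "76e4e31dd3e40ac6790c83fa48419a55",
    "sha1": "f42363c9ca8325a47efd4f01f177702433d78ff8",
    "sha256": "661d2ed323c8703a7466774162972254589be4ab04abd6067d70ab44bc70d978",
    "sha512": "78ae771f67d5c1c66d2e8ffc1f3dd398b6cd87c6ee813e6108e0f0c8cdfb8cd6"
              "56c82d3ec4fff7b9d9f84c31e0cfd00b613150bb6eb22ad942c00a5aed379b8e",
}
REPORTED_SIZE_MB = 700.0  # as printed in the report, one decimal place

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def hash_stream(fp, chunk_size=1 << 20):
    """Return {algorithm: hexdigest, "size": byte count} for a binary file
    object, updating all four hashers per chunk so the file is read once."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    size = 0
    while True:
        chunk = fp.read(chunk_size)
        if not chunk:
            break
        size += len(chunk)
        for h in hashers.values():
            h.update(chunk)
    result = {name: h.hexdigest() for name, h in hashers.items()}
    result["size"] = size
    return result


def hash_bytes(data, chunk_size=1 << 20):
    """Convenience wrapper for in-memory data (used for self-checks)."""
    return hash_stream(io.BytesIO(data), chunk_size)


def mismatches(observed, reported=REPORTED):
    """Names of reported digests the observed file does not match. Hex case is
    ignored because different tools print digests in different case."""
    return sorted(
        name for name, digest in reported.items()
        if observed.get(name, "").lower() != digest.lower()
    )


def size_matches(observed_size, reported_mb=REPORTED_SIZE_MB, tolerance_mb=0.05):
    """Loose size check: anything that rounds to the printed one-decimal value
    passes. Assumes the report's MB is MiB (assumption, not stated on the page)."""
    return abs(observed_size / (1024 * 1024) - reported_mb) <= tolerance_mb


def verify_file(path):
    """Hash the file at path and return (observed, mismatched names, size_ok)."""
    with open(path, "rb") as fp:
        observed = hash_stream(fp)
    return observed, mismatches(observed), size_matches(observed["size"])


if __name__ == "__main__":
    import sys
    observed, bad, size_ok = verify_file(sys.argv[1])
    print("size", observed["size"], "ok" if size_ok else "MISMATCH")
    for name in ALGORITHMS:
        print(name, observed[name], "MISMATCH" if name in bad else "ok")
```

Run it as `python verify.py <path-to-sample>`; an empty mismatch list plus a passing size check means the local file is the one this report describes. A matching SHA256 with a differing MD5 or SHA1 would indicate a transcription error rather than a different file, which is why all four are compared rather than only the strongest.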

Malware Config

Extracted

Family

redline

Botnet

ws-19

C2

38.91.100.57:32750

Attributes
  • auth_value

    b8974207e31b05e60d39e04eba8eeb0b
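The extracted config is the most directly actionable part of the report: the C2 address and port can be turned into a network signature and a retro-hunt over flow logs. The Python below is an added example and is not code from the report or the Triage service. Only the config values are taken from the page; the flow records, the Suricata SID, and the assumption that RedLine's C2 channel runs over TCP (true of the family generally, not stated on this page) are the example's own.

```python
# Added example (not from the report or the Triage service): package the
# extracted RedLine config as a network IOC, emit a Suricata rule for the C2
# endpoint, and run the IOC over flow records. The flow records and the rule
# SID are constructed; only the config values come from the report. The rule
# and the flow filter assume the C2 channel is TCP, which is an assumption
# about the family rather than something this report states.
import ipaddress
from dataclasses import dataclass

# Extracted config as shown in the report.
CONFIG = {
    "family": "redline",
    "botnet": "ws-19",
    "c2": ["38.91.100.57:32750"],
    "auth_value": "b8974207e31b05e60d39e04eba8eeb0b",
}


@dataclass(frozen=True)
class C2Endpoint:
    ip: str
    port: int


def parse_c2(entry):
    """Parse 'ip:port' from the config. Malformed hosts, bad ports and
    non-routable addresses are rejected so a garbled extraction can never
    become an overbroad or useless rule."""
    host, sep, port = entry.rpartition(":")
    if not sep:
        raise ValueError(f"no port in C2 entry {entry!r}")
    port = int(port)
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range in {entry!r}")
    ip = ipaddress.ip_address(host)  # raises ValueError for hostnames
    if ip.is_private or ip.is_loopback or ip.is_unspecified:
        raise ValueError(f"refusing to alert on non-routable C2 {host}")
    return C2Endpoint(str(ip), port)


def is_valid_c2(entry):
    """Boolean form of parse_c2 for quick validation of a whole config."""
    try:
        parse_c2(entry)
    except ValueError:
        return False
    return True


def suricata_rule(ep, sid, family=CONFIG["family"], botnet=CONFIG["botnet"]):
    """One rule per C2 endpoint; the sid is assigned by the operator."""
    return (
        f"alert tcp $HOME_NET any -> {ep.ip} {ep.port} "
        f'(msg:"{family.upper()} stealer C2 traffic (botnet {botnet})"; '
        f"flow:to_server,established; classtype:trojan-activity; "
        f"sid:{sid}; rev:1;)"
    )


# Constructed flow records (ts, src, dst, dst_port, proto), not real telemetry.
# Includes near misses: same IP on another port, same port on a neighbouring IP.
SAMPLE_FLOWS = """\
1731100001 10.0.0.12 38.91.100.57 32750 tcp
1731100002 10.0.0.12 142.250.74.46 443 tcp
1731100003 10.0.0.15 38.91.100.57 443 tcp
1731100004 10.0.0.15 38.91.100.58 32750 tcp
1731100005 10.0.0.20 38.91.100.57 32750 tcp
"""


def find_c2_flows(flow_text, endpoints):
    """Return (src, ts) for every TCP flow whose destination matches a C2
    endpoint on both IP and port. Matching on IP alone would also catch
    unrelated traffic to a shared host, so port is required."""
    wanted = {(ep.ip, ep.port) for ep in endpoints}
    hits = []
    for line in flow_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, proto = line.split()
        if proto == "tcp" and (dst, int(dport)) in wanted:
            hits.append((src, int(ts)))
    return hits


def infected_hosts(flow_text=SAMPLE_FLOWS, config=CONFIG):
    """Distinct internal sources that contacted any C2 in the config."""
    endpoints = [parse_c2(e) for e in config["c2"]]
    return sorted({src for src, _ in find_c2_flows(flow_text, endpoints)})


if __name__ == "__main__":
    for entry in CONFIG["c2"]:
        print(suricata_rule(parse_c2(entry), sid=9000001))
    print("hosts talking to the C2:", infected_hosts())
```

The botnet id and auth_value are kept in the IOC record for tracking which build an infected host belongs to, but they are not used in the network match: they appear inside the C2 session rather than in flow metadata, so an IP:port rule is the level at which NetFlow or Zeek conn logs can be searched.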

Targets

    • Detect ZGRat V2

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Zgrat family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on another process's thread is a common step in process hollowing, where a suspended copy of a legitimate process is overwritten with the payload and its entry point redirected before the thread is resumed.
