redline

General

Target

253dac045440d4f57c049b87c90f3665c7bb26f8822e71d2b512f4b7f31fc3c0
Size

3.6MB
Sample

241108-wkrg7syqhr
MD5

77526e613ea288bb1d71984839242425
SHA1

358c9deda98ef5c705447d6272711a7f23860a59
SHA256

253dac045440d4f57c049b87c90f3665c7bb26f8822e71d2b512f4b7f31fc3c0
SHA512

909566f561c332c982df8fbb7fc2f1734eeac7741685948bc67ca9a8ba2e1c93419ceae15775fff6e45e0af24c98e507d5e8b54578a22bc7961f25c1ed7d00e7
SSDEEP

98304:bVMx9l4O6n0g0tvKmzqdpUV901+ShY5Bk1NtVlB:Cp4O6nKzk5hkWvt7B

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

ws-19

C2

38.91.100.57:32750

Attributes

auth_value
b8974207e31b05e60d39e04eba8eeb0b

Targets

- Target
  
  WhatsApp-cleaned.bin
- Size
  
  3.9MB
- MD5
  
  eb98e1dcc374d67e71a85ecc848034ec
- SHA1
  
  002409d45df360fb9902fb60bb316a863c735aa2
- SHA256
  
  078bbd30cad5587f8dcde105e04046cc56f8d3cef527993faec4341920e6a8eb
- SHA512
  
  1f168da8f33084c04d7963528bd29fcd81cb6b7e63534096053b1726ebd33b417f4089c16884e1e9d6e4a055c298ccea1f0d22f7970ff951d63efcd4e7f8b76d
- SSDEEP
  
  98304:oCDnyTWzDCidsFXGAtljN36bZfRE7Rtc/vNK3egPJ:o2qM+idivVNKbZfREVtc0PJ
Score

10^/10

redline zgrat ws-19 agilenet discovery infostealer rat
- Detect ZGRat V2
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Zgrat family
  zgrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect ZGRat V2

RedLine payload

Redline family

ZGRat

Zgrat family

Checks computer location settings

Obfuscated with Agile.Net obfuscator

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2