General
Target: 358c9deda98ef5c705447d6272711a7f23860a59
Size: 3.6MB
Sample: 241109-evah1awqgw
MD5: 77526e613ea288bb1d71984839242425
SHA1: 358c9deda98ef5c705447d6272711a7f23860a59
SHA256: 253dac045440d4f57c049b87c90f3665c7bb26f8822e71d2b512f4b7f31fc3c0
SHA512: 909566f561c332c982df8fbb7fc2f1734eeac7741685948bc67ca9a8ba2e1c93419ceae15775fff6e45e0af24c98e507d5e8b54578a22bc7961f25c1ed7d00e7
SSDEEP: 98304:bVMx9l4O6n0g0tvKmzqdpUV901+ShY5Bk1NtVlB:Cp4O6nKzk5hkWvt7B
Behavioral task
behavioral1
Sample: WhatsApp-cleaned.exe
Resource: win7-20240903-en

Malware Config
Extracted
Family: redline
Botnet: ws-19
C2: 38.91.100.57:32750
auth_value: b8974207e31b05e60d39e04eba8eeb0b
Targets
Target: WhatsApp-cleaned.bin
Size: 3.9MB
MD5: eb98e1dcc374d67e71a85ecc848034ec
SHA1: 002409d45df360fb9902fb60bb316a863c735aa2
SHA256: 078bbd30cad5587f8dcde105e04046cc56f8d3cef527993faec4341920e6a8eb
SHA512: 1f168da8f33084c04d7963528bd29fcd81cb6b7e63534096053b1726ebd33b417f4089c16884e1e9d6e4a055c298ccea1f0d22f7970ff951d63efcd4e7f8b76d
SSDEEP: 98304:oCDnyTWzDCidsFXGAtljN36bZfRE7Rtc/vNK3egPJ:o2qM+idivVNKbZfREVtc0PJ
Detect ZGRat V2
RedLine
RedLine Stealer is an information-stealing malware family written in C#, first observed in early 2020. It harvests browser credentials, cookies and cryptocurrency wallet data and reports to a C2 identified by host:port plus a per-build auth_value, as in the config extracted above.
RedLine payload
Redline family
Zgrat family
Checks computer location settings
Reads the country code configured in the registry, most likely as a geofence so the stealer does not run on victims in regions its operator excludes.
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of symbol renaming and control-flow obfuscation.
Suspicious use of SetThreadContext
Sets the register context of a thread in another process, the step that process-hollowing and similar injectors use to redirect a suspended child process into an injected payload.
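The following hunting script is an added example and is not part of the sandbox report or of any vendor tool. It takes the indicators listed above (the sample hashes, the C2 38.91.100.57:32750, the botnet id ws-19) and flags matching events in a stream of key=value log lines, plus the two behavioural signatures: the registry read of the configured country code and a SetThreadContext call aimed at another process. The event lines are constructed to look loosely like Sysmon/sandbox output and are not real telemetry; the registry key assumed for the geofence check is an assumption about what "Checks computer location settings" keys on.

```python
"""IOC hunting for the RedLine sample in this report (added example)."""
import hashlib
import re

# --- indicators copied from the report ------------------------------------
SAMPLE_HASHES = {
    # WhatsApp-cleaned.exe
    "77526e613ea288bb1d71984839242425",
    "358c9deda98ef5c705447d6272711a7f23860a59",
    "253dac045440d4f57c049b87c90f3665c7bb26f8822e71d2b512f4b7f31fc3c0",
    # WhatsApp-cleaned.bin
    "eb98e1dcc374d67e71a85ecc848034ec",
    "002409d45df360fb9902fb60bb316a863c735aa2",
    "078bbd30cad5587f8dcde105e04046cc56f8d3cef527993faec4341920e6a8eb",
}
C2_HOST, C2_PORT = "38.91.100.57", "32750"
BOTNET_ID = "ws-19"
# Assumption: the key the "Checks computer location settings" signature keys on.
GEO_KEY_SUFFIX = r"\control panel\international\geo\nation"

_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_event(line):
    """Turn 'Key=value Key2="value with spaces"' into a dict."""
    return {k: (q if q else u) for k, q, u in _KV.findall(line)}


def hashes_in(event):
    """Sysmon-style Hashes=SHA256=...,MD5=... -> set of lowercase digests."""
    out = set()
    for part in event.get("Hashes", "").split(","):
        if "=" in part:
            out.add(part.split("=", 1)[1].lower())
    return out


def classify(event):
    """Return a reason string if the event matches a report indicator, else None."""
    if event.get("DestinationIp") == C2_HOST and event.get("DestinationPort") == C2_PORT:
        return f"connection to RedLine C2 {C2_HOST}:{C2_PORT} (botnet {BOTNET_ID})"
    if hashes_in(event) & SAMPLE_HASHES:
        return "hash matches a sample from the report"
    if event.get("TargetObject", "").lower().endswith(GEO_KEY_SUFFIX):
        return "reads configured country code (geofence check)"
    # SetThreadContext on a thread that belongs to another process is the
    # hollowing/injection pattern; a process touching its own thread is not.
    if event.get("Api") == "SetThreadContext" and event.get("TargetPid") not in (None, event.get("Pid")):
        return "SetThreadContext on another process (possible injection/hollowing)"
    return None


def scan(lines):
    """Scan event lines; return [(line_number, reason)] for every hit."""
    hits = []
    for n, line in enumerate(lines, 1):
        reason = classify(parse_event(line))
        if reason:
            hits.append((n, reason))
    return hits


def digest_set(data):
    """MD5/SHA1/SHA256 of a byte string, for checking a file against the report."""
    return {h(data).hexdigest() for h in (hashlib.md5, hashlib.sha1, hashlib.sha256)}


def is_known_sample(data):
    """True if any digest of `data` is one of the report's sample hashes."""
    return bool(digest_set(data) & SAMPLE_HASHES)


# Constructed events (not real telemetry); lines 2, 5 and 7 are benign controls.
EVENTS = [
    'Type=process Pid=4120 Image=C:\\Users\\ana\\Downloads\\WhatsApp-cleaned.exe Hashes=SHA256=253DAC045440D4F57C049B87C90F3665C7BB26F8822E71D2B512F4B7F31FC3C0',
    'Type=process Pid=4200 Image=C:\\Windows\\System32\\notepad.exe Hashes=SHA256=0000000000000000000000000000000000000000000000000000000000000000',
    'Type=registry Pid=4120 TargetObject="HKU\\S-1-5-21-1\\Control Panel\\International\\Geo\\Nation"',
    'Type=api Pid=4120 Api=SetThreadContext TargetPid=4388',
    'Type=api Pid=4120 Api=GetThreadContext TargetPid=4120',
    'Type=net Pid=4388 DestinationIp=38.91.100.57 DestinationPort=32750 Protocol=tcp',
    'Type=net Pid=4200 DestinationIp=38.91.100.57 DestinationPort=443 Protocol=tcp',
]

if __name__ == "__main__":
    for n, reason in scan(EVENTS):
        print(f"line {n}: {reason}")
```

The C2 match requires both host and port, since a stealer C2 on a shared host is only distinguishable by the port the report gives; the hash set is matched case-insensitively because Sysmon emits uppercase digests while the report lists lowercase ones.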