General

  • Target

    88ad4dfc05f375f97a5ba9b10a8d5d6222cfa1250841ccc5dfe9189c09ad73d2

  • Size

    3.6MB

  • Sample

    241110-p5b5paxdrd

  • MD5

    f41ed49eae48090e080537778600f33a

  • SHA1

    c05a485d43c161511abf3f81cddcb9daee43b8b8

  • SHA256

    88ad4dfc05f375f97a5ba9b10a8d5d6222cfa1250841ccc5dfe9189c09ad73d2

  • SHA512

    b2c1f92622db96b156412f8b7ed0db29300bf0894299dcd63c7cddd7ff534c6753a8db75ec494d0a16cbf09156979d055685a8f5a832c8b01357c79bf5239d35

  • SSDEEP

    98304:V2DKkQIE1lubSgUiwu1s76KMSbakXpV9ITgdAzQ8tjQD4+:W3jXXUfu1cMFkXPxdAzltj44+

Malware Config

Extracted

Family

redline

Botnet

sp-19

C2

38.91.100.57:32750

Attributes
  • auth_value

    7d992d9714ca3423d5efee4459c460c8

Targets

    • Target

      87a53e43fc1a838c52130abe4607eb0ea70802f3b233e4e74c9edca5920ed2c5

    • Size

      3.8MB

    • MD5

      5297fc3e53d37d8d673c038dc55efebd

    • SHA1

      f78c4cc2fa80af00cd84128a8a4bcd54b6768206

    • SHA256

      87a53e43fc1a838c52130abe4607eb0ea70802f3b233e4e74c9edca5920ed2c5

    • SHA512

      10ade61bbbafadb2cbe9726aaf445e3e3d02cfd36ae86b294c083ac5dd0a5e6fe8fbc421814f5438fd16601c19626f195df4a72eb9f98a06b9a7e1e6d3c19657

    • SSDEEP

      98304:jJoqfS4A/EKZcD0X3lkRtWopFrdTQAI42+:NRFpD0X32GkdTQD4

    • Detect ZGRat V2

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • ZGRat

      ZGRat is remote access trojan written in C#.

    • Zgrat family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks