General
-
Target
2EFF901EF4CF8B00DE5175F76D3AC063.exe
-
Size
3.3MB
-
Sample
210610-138xe1ezns
-
MD5
2eff901ef4cf8b00de5175f76d3ac063
-
SHA1
ddced83c9dac9068e1e3a0e8749e13e96e920e11
-
SHA256
9af78eaab9a5026570cbc435528e33834c63795f882f5407d52a633825ef2578
-
SHA512
041918f144ecaa2f6f054600013c8ad86fd134f37a061898238d56d434318245a00a2975eeb74600fb41ac07a85c63414832a63e4db427d3fd9bf3bde7a03ece
Static task
static1
Behavioral task
behavioral1
Sample
2EFF901EF4CF8B00DE5175F76D3AC063.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
2EFF901EF4CF8B00DE5175F76D3AC063.exe
Resource
win10v20210410
Malware Config
Extracted
vidar
39.3
706
https://bandakere.tumblr.com
-
profile_id
706
Targets
-
-
Target
2EFF901EF4CF8B00DE5175F76D3AC063.exe
-
Size
3.3MB
-
MD5
2eff901ef4cf8b00de5175f76d3ac063
-
SHA1
ddced83c9dac9068e1e3a0e8749e13e96e920e11
-
SHA256
9af78eaab9a5026570cbc435528e33834c63795f882f5407d52a633825ef2578
-
SHA512
041918f144ecaa2f6f054600013c8ad86fd134f37a061898238d56d434318245a00a2975eeb74600fb41ac07a85c63414832a63e4db427d3fd9bf3bde7a03ece
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Vidar Stealer
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-