General

Target: AE8205ABE6BE03A6FBC9C0645BD4AD99.exe
Size: 3.3MB
Sample: 210625-1wnagyw8ze
MD5: ae8205abe6be03a6fbc9c0645bd4ad99
SHA1: bc74750f5b29471438738fad3574aab2dcd33fa4
SHA256: 5c5a71fd5e122ae176b592ae080a18f61b38653ab9405e1724dfe053ddbf6d1c
SHA512: 5a9584386b7bd6d2b2415edc3fbd5bb941af94c78339146e4a6e3906dccb0ef12ac7c33c13b3e6e3f5cf59ea4dc42e6ea2bf5df76f3b1a0815fe6705e8563844
Static task: static1
Behavioral task: behavioral1
Sample: AE8205ABE6BE03A6FBC9C0645BD4AD99.exe
Resource: win7v20210408
Malware Config

Extracted: vidar
Version: 39.4
Botnet: 706
C2: https://sergeevih43.tumblr.com
profile_id: 706

Extracted: redline
Botnet: Cana
C2: 176.111.174.254:56328

Extracted: redline
Botnet: NewAni
C2: changidwia.xyz:80

Extracted: redline
Botnet: 25_6_r
C2: rdanoriran.xyz:80

Extracted: fickerstealer
C2: bukkva.club:80
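The extracted configurations above are only useful once they are turned into something that can be matched against traffic. The following is an added example (not part of this sandbox report or any of the tools it was produced with): it loads the five C2 indicators from the Malware Config section into a watchlist, runs that watchlist over a few constructed proxy log lines, and emits one Suricata rule per indicator. The log line format, the log lines themselves (RFC 5737 addresses except the report's own RedLine IP) and the sid range are assumptions for illustration.

```python
"""Added example, not part of the sandbox report: turn the extracted
Vidar/RedLine/FickerStealer configuration into a host/IP watchlist, run it
over constructed proxy log lines, and emit Suricata rules for it.
The log format, the log lines and the sid range are assumptions."""
import ipaddress
import re
from urllib.parse import urlparse

# Indicators copied from the report's "Malware Config" section.
EXTRACTED_CONFIGS = [
    {"family": "vidar", "botnet": "706", "c2": "https://sergeevih43.tumblr.com"},
    {"family": "redline", "botnet": "Cana", "c2": "176.111.174.254:56328"},
    {"family": "redline", "botnet": "NewAni", "c2": "changidwia.xyz:80"},
    {"family": "redline", "botnet": "25_6_r", "c2": "rdanoriran.xyz:80"},
    {"family": "fickerstealer", "botnet": None, "c2": "bukkva.club:80"},
]


def parse_c2(entry):
    """Normalise 'host:port' or a URL into (lower-case host, port)."""
    if "://" in entry:
        u = urlparse(entry)
        return u.hostname.lower(), u.port or (443 if u.scheme == "https" else 80)
    host, port = entry.rsplit(":", 1)
    return host.lower(), int(port)


def build_watchlist(configs=EXTRACTED_CONFIGS):
    """Map each C2 host or IP to the family/botnet/port it was extracted with."""
    watch = {}
    for cfg in configs:
        host, port = parse_c2(cfg["c2"])
        watch.setdefault(host, []).append(
            {"family": cfg["family"], "botnet": cfg["botnet"], "port": port})
    return watch


# Constructed log lines (RFC 5737 addresses except the report's RedLine IP).
SAMPLE_LOG = """\
2021-06-25T10:00:01 10.0.0.5 -> 192.0.2.10:443 host=www.example.com
2021-06-25T10:00:04 10.0.0.5 -> 192.0.2.44:443 host=sergeevih43.tumblr.com
2021-06-25T10:00:09 10.0.0.5 -> 176.111.174.254:56328 host=-
2021-06-25T10:00:12 10.0.0.5 -> 198.51.100.7:80 host=changidwia.xyz
2021-06-25T10:00:15 10.0.0.5 -> 198.51.100.7:80 host=RDANORIRAN.XYZ
2021-06-25T10:01:30 10.0.0.7 -> 203.0.113.20:8080 host=bukkva.club
2021-06-25T10:02:00 10.0.0.9 -> 192.0.2.53:53 host=-
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) -> (?P<dst>[^:\s]+):(?P<dport>\d+) host=(?P<host>\S+)$")


def match_log(log_text, watch=None):
    """Return one hit per log line whose Host/SNI or destination IP is on the watchlist."""
    watch = watch if watch is not None else build_watchlist()
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        dport = int(m["dport"])
        # Check the hostname, then the raw destination IP; dict.fromkeys
        # de-duplicates so a line listed under both keys is reported once.
        for key in dict.fromkeys((m["host"].lower(), m["dst"])):
            for ioc in watch.get(key, []):
                hits.append({
                    "ts": m["ts"], "src": m["src"], "indicator": key,
                    "family": ioc["family"], "botnet": ioc["botnet"],
                    # Operators rotate ports, so a port mismatch is still a
                    # hit; the flag lets the analyst weigh it.
                    "port_match": ioc["port"] == dport,
                })
    return hits


def to_suricata(watch=None, base_sid=9000000):
    """Emit one alert rule per indicator: http.host for domains, tcp dst for IPs."""
    watch = watch if watch is not None else build_watchlist()
    rules = []
    for sid, (host, iocs) in enumerate(sorted(watch.items()), start=base_sid):
        fams = "/".join(sorted(f"{i['family']}:{i['botnet'] or '-'}" for i in iocs))
        try:
            ipaddress.ip_address(host)
            rules.append(f'alert tcp $HOME_NET any -> {host} {iocs[0]["port"]} '
                         f'(msg:"Stealer C2 {fams}"; flow:to_server; sid:{sid}; rev:1;)')
        except ValueError:
            # http.host is lowercase-normalised in Suricata, so no nocase here.
            rules.append(f'alert http $HOME_NET any -> $EXTERNAL_NET any '
                         f'(msg:"Stealer C2 {fams}"; http.host; content:"{host}"; '
                         f'sid:{sid}; rev:1;)')
    return rules


if __name__ == "__main__":
    for h in match_log(SAMPLE_LOG):
        print(h)
    print("\n".join(to_suricata()))
```

The Vidar indicator is a Tumblr profile, not a server the operators run, so the rule for it will also fire on benign Tumblr traffic to that exact host; treat it as a pivot to the second-stage C2 rather than a block-on-sight indicator.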
Targets

Target: AE8205ABE6BE03A6FBC9C0645BD4AD99.exe
Size: 3.3MB
MD5: ae8205abe6be03a6fbc9c0645bd4ad99
SHA1: bc74750f5b29471438738fad3574aab2dcd33fa4
SHA256: 5c5a71fd5e122ae176b592ae080a18f61b38653ab9405e1724dfe053ddbf6d1c
SHA512: 5a9584386b7bd6d2b2415edc3fbd5bb941af94c78339146e4a6e3906dccb0ef12ac7c33c13b3e6e3f5cf59ea4dc42e6ea2bf5df76f3b1a0815fe6705e8563844
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine Payload

Vidar Stealer

Downloads MZ/PE file

Executes dropped EXE

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2
The Vidar configuration above resolves its C2 through a Tumblr profile URL.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of NtSetInformationThreadHideFromDebugger
Anti-debugging: a thread with ThreadHideFromDebugger set no longer delivers debug events to an attached debugger.

Suspicious use of SetThreadContext
Redirects execution of a thread, typically in another process; with a suspended CreateProcess and ResumeThread this is the process-hollowing pattern.
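Several of the behavioural signatures above (ThreadHideFromDebugger, executes dropped EXE, loads dropped DLL, SetThreadContext) are derived from the sequence of API calls the sample made. The following is an added example, not from the sandbox or this report, showing how such signatures can be re-derived from a constructed API-call trace. The trace format, the paths, PIDs and handle values are assumptions for illustration; a real monitor resolves handles to kernel objects rather than using thread and process IDs directly as this does.

```python
"""Added example, not from the sandbox or the report: re-derive four of the
report's behavioural signatures (ThreadHideFromDebugger, executes dropped EXE,
loads dropped DLL, SetThreadContext-based hollowing) from a constructed
API-call trace. Trace format, paths, PIDs and handles are assumptions; a real
monitor maps handles to objects instead of using thread IDs directly."""

THREAD_HIDE_FROM_DEBUGGER = 0x11    # THREADINFOCLASS ThreadHideFromDebugger
CREATE_SUSPENDED = 0x00000004       # CreateProcess dwCreationFlags bit
GENERIC_WRITE = 0x40000000          # CreateFile dwDesiredAccess bit

# Assumed paths for the dropped artefacts.
DROPPED_EXE = r"C:\Users\user\AppData\Local\Temp\stage2.exe"
DROPPED_DLL = r"C:\Users\user\AppData\Local\Temp\helper.dll"

# Constructed trace: one event per API call, in call order. Out-parameters
# such as PROCESS_INFORMATION are recorded under "ret".
SAMPLE_TRACE = [
    {"pid": 1000, "api": "NtSetInformationThread",
     "args": {"ThreadHandle": 0x1c, "ThreadInformationClass": 0x11}},
    {"pid": 1000, "api": "CreateFileW",
     "args": {"lpFileName": DROPPED_EXE, "dwDesiredAccess": GENERIC_WRITE}},
    {"pid": 1000, "api": "CreateFileW",
     "args": {"lpFileName": DROPPED_DLL, "dwDesiredAccess": GENERIC_WRITE}},
    {"pid": 1000, "api": "CreateProcessW",
     "args": {"lpApplicationName": DROPPED_EXE, "dwCreationFlags": CREATE_SUSPENDED},
     "ret": {"dwProcessId": 1200, "dwThreadId": 1204}},
    {"pid": 1000, "api": "NtUnmapViewOfSection", "args": {"ProcessHandle": 1200}},
    {"pid": 1000, "api": "WriteProcessMemory", "args": {"hProcess": 1200}},
    {"pid": 1000, "api": "SetThreadContext", "args": {"hThread": 1204}},
    {"pid": 1000, "api": "ResumeThread", "args": {"hThread": 1204}},
    {"pid": 1200, "api": "LoadLibraryW", "args": {"lpLibFileName": DROPPED_DLL}},
    {"pid": 1200, "api": "LoadLibraryW",
     "args": {"lpLibFileName": r"C:\Windows\System32\kernel32.dll"}},
]


def detect(trace):
    """Walk the trace once and return the signatures it triggers."""
    dropped = set()          # paths opened for writing by any traced process
    suspended = {}           # thread id -> pid of a process created suspended
    context_written = set()  # suspended threads whose context was replaced
    hits = {"hide_from_debugger": [], "executes_dropped_exe": [],
            "loads_dropped_dll": [], "process_hollowing": []}
    for ev in trace:
        api, a = ev["api"], ev["args"]
        if (api == "NtSetInformationThread"
                and a.get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER):
            # Threads with this flag set stop delivering debug events.
            hits["hide_from_debugger"].append(ev["pid"])
        elif api == "CreateFileW" and a.get("dwDesiredAccess", 0) & GENERIC_WRITE:
            # Simplification: opening a file for writing counts as dropping it.
            dropped.add(a["lpFileName"].lower())
        elif api == "CreateProcessW":
            path = a["lpApplicationName"].lower()
            if path in dropped:
                hits["executes_dropped_exe"].append(path)
            if a.get("dwCreationFlags", 0) & CREATE_SUSPENDED:
                suspended[ev["ret"]["dwThreadId"]] = ev["ret"]["dwProcessId"]
        elif api == "SetThreadContext" and a["hThread"] in suspended:
            context_written.add(a["hThread"])
        elif api == "ResumeThread" and a["hThread"] in context_written:
            # Suspended create -> SetThreadContext -> ResumeThread is the
            # classic process-hollowing sequence.
            hits["process_hollowing"].append(
                {"injector_pid": ev["pid"], "target_pid": suspended[a["hThread"]]})
        elif api == "LoadLibraryW" and a["lpLibFileName"].lower() in dropped:
            hits["loads_dropped_dll"].append(
                {"pid": ev["pid"], "path": a["lpLibFileName"].lower()})
    return hits


if __name__ == "__main__":
    for name, found in detect(SAMPLE_TRACE).items():
        print(f"{name}: {found}")
```

The hollowing check deliberately requires all three steps on the same thread; SetThreadContext alone also appears in legitimate debuggers and some crash reporters, which is why the sandbox labels it only "suspicious".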