redline | d7a032dc8f21dde9e4707cc74c4bf6b194ad44c8203d73e36671cd9e74397a34 | Triage

Submit
Reports

Overview

overview

Static

static

x86_x64_setup.exe

windows10_x64

Sharing

General

Target

x86_x64_setup SAMPLE.zip
Size

3.7MB
Sample

210704-ne1xw64qae
MD5

6843313bfe81702cea12eebc67ca0e1f
SHA1

be6e31936f578e147fe13f74c27ad4563a7ff899
SHA256

d7a032dc8f21dde9e4707cc74c4bf6b194ad44c8203d73e36671cd9e74397a34
SHA512

1d439208de8111dbba4873d144964da34a1bd78552ded51d903915a8cf5ee282557a8789c4b9332863c4694e7d1e6761dbe2c0dc50df0f047613e6f9aecaee60

Score

10^/10

redline smokeloader vidar 933 cana aspackv2 backdoor infostealer stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

x86_x64_setup.exe

Resource

win10v20210410

redline smokeloader vidar 933 cana aspackv2 backdoor infostealer stealer trojan upx

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

vidar

Version

39.4

Botnet

933

C2

https://sergeevih43.tumblr.com

Attributes

profile_id
933

Extracted

Family

redline

Botnet

Cana

C2

176.111.174.254:56328

Extracted

Family

smokeloader

Version

2020

C2

http://conceitosseg.com/upload/

http://integrasidata.com/upload/

http://ozentekstil.com/upload/

http://finbelportal.com/upload/

http://telanganadigital.com/upload/

rc4.i32

rc4.i32

Targets

- Target
  
  x86_x64_setup.exe
- Size
  
  3.7MB
- MD5
  
  6611fc032e738e6510e8739a4b6dd41d
- SHA1
  
  e51aa30c9670067556da16ae08ba3b6bbcee5c35
- SHA256
  
  fc6e67ad77ea40e959531734eee1258b1d3c475b96692ea28a8372f45c3b62ca
- SHA512
  
  63ed2fdcdac5de13bb3607f8c15b0344cbbe22f04886d269386d3f008bdb262d5e358cbbdb94d77929e7b8881a1a4fdbf1c0b293422409c402d71b9d7614ee57
Score

10^/10

redline smokeloader vidar 933 cana aspackv2 backdoor infostealer stealer trojan upx
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar Stealer
  stealer
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Downloads MZ/PE file
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

redlinesmokeloadervidar933canaaspackv2backdoorinfostealerstealertrojanupx

© 2018-2024

Terms | Privacy