General
Target: Setup_x32_x64 SAMPLE pw to decrypt 1234.zip
Size: 3.9MB
Sample: 210706-m4vcz68vlx
MD5: 34da95b0d6b3cab7d5a51c5ed44516c5
SHA1: 8650367904298577d4144b35dfc93e99ea29815d
SHA256: bcd2691b8d5ecc63a9c9681f3098fd58f97eb7ae50ca332bc4949c3a56980b9f
SHA512: 24a1acdeff6b75506466a3090a36a2d5963fd7cc68e38c85c5059452417d071803f1931095d59544470d53d6234defab20a907f1efa47d9997dafc6d49c342ec
Static task: static1
Behavioral task: behavioral1
Sample: Setup_x32_x64.exe
Resource: win10v20210410
Malware Config
Extracted: redline
  18_6_bl_84s7
  qitoshalan.xyz:80
Extracted: vidar
  39.4
  890
  https://sergeevih43.tumblr.com
  profile_id: 890
Targets
Target: Setup_x32_x64.exe
Size: 4.0MB
MD5: 2fbe3fc92918cd1aa9ddec65fcf4b7cf
SHA1: f95088523801655d3898baac926ac07e11f210ae
SHA256: 8c267ef433aeb2d0304f0b848f9d98ed0a4264cc284d108854c1b13253121c6f
SHA512: 61ac7c438fc725d266a54d7d9447f612c96137d811eacc3f8ce1b16cc9f5dbe80da73584dad4f420dc671aa382af462a4ae8e2658cef2bf336576c5caa2967f0
Signatures
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine Payload
Socelars Payload
Vidar Stealer
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
autoit_exe: AutoIT scripts compiled to PE executables.