redline | bcd2691b8d5ecc63a9c9681f3098fd58f97eb7ae50ca332bc4949c3a56980b9f | Triage

Submit
Reports

Overview

overview

Static

static

Setup_x32_x64.exe

windows10_x64

Sharing

General

Target

Setup_x32_x64 SAMPLE pw to decrypt 1234.zip
Size

3.9MB
Sample

210706-m4vcz68vlx
MD5

34da95b0d6b3cab7d5a51c5ed44516c5
SHA1

8650367904298577d4144b35dfc93e99ea29815d
SHA256

bcd2691b8d5ecc63a9c9681f3098fd58f97eb7ae50ca332bc4949c3a56980b9f
SHA512

24a1acdeff6b75506466a3090a36a2d5963fd7cc68e38c85c5059452417d071803f1931095d59544470d53d6234defab20a907f1efa47d9997dafc6d49c342ec

Score

10^/10

redline socelars vidar 18_6_bl_84s7 890 infostealer stealer vmprotect

Static task

static1

Behavioral task

behavioral1

Sample

Setup_x32_x64.exe

Resource

win10v20210410

redline socelars vidar 18_6_bl_84s7 890 infostealer stealer vmprotect

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

18_6_bl_84s7

C2

qitoshalan.xyz:80

Extracted

Family

vidar

Version

39.4

Botnet

890

C2

https://sergeevih43.tumblr.com

Attributes

profile_id
890

Targets

- Target
  
  Setup_x32_x64.exe
- Size
  
  4.0MB
- MD5
  
  2fbe3fc92918cd1aa9ddec65fcf4b7cf
- SHA1
  
  f95088523801655d3898baac926ac07e11f210ae
- SHA256
  
  8c267ef433aeb2d0304f0b848f9d98ed0a4264cc284d108854c1b13253121c6f
- SHA512
  
  61ac7c438fc725d266a54d7d9447f612c96137d811eacc3f8ce1b16cc9f5dbe80da73584dad4f420dc671aa382af462a4ae8e2658cef2bf336576c5caa2967f0
Score

10^/10

redline socelars vidar 18_6_bl_84s7 890 infostealer stealer vmprotect
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Socelars
  Socelars is an infostealer targeting browser cookies and credit card credentials.
  stealer socelars
- Socelars Payload
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar Stealer
  stealer
- Executes dropped EXE
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Legitimate hosting services abused for malware hosting/C2
- autoit_exe
  AutoIT scripts compiled to PE executables.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

redlinesocelarsvidar18_6_bl_84s7890infostealerstealervmprotect

© 2018-2024

Terms | Privacy