redline | 813ffce8015db19d68dfdaf4e6dc901b2430b13d7d7683794d008b2b30926cad | Triage

Submit
Reports

Overview

overview

Static

static

5669D6ACCA...06.exe

windows7_x64

5669D6ACCA...06.exe

windows10_x64

Sharing

General

Target

5669D6ACCAFAF0DE7BC22C42B1B09006.exe
Size

2.8MB
Sample

210713-pmnl55s5kj
MD5

5669d6accafaf0de7bc22c42b1b09006
SHA1

0e0f3a0d114c77b9ac1e0f9d128a275c80157f75
SHA256

813ffce8015db19d68dfdaf4e6dc901b2430b13d7d7683794d008b2b30926cad
SHA512

650ea7eb2c2e56a189826e90e6cc28dc91ac1d1a9b1160993224afbde8e631b79f82d54d18e3b8962b0771779de99958e9ae453097093dd80cd60e0e60900a73

Score

10^/10

redline smokeloader vidar 933 cana aspackv2 backdoor evasion infostealer stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

5669D6ACCAFAF0DE7BC22C42B1B09006.exe

Resource

win7v20210410

redline smokeloader vidar 933 cana aspackv2 backdoor infostealer stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

5669D6ACCAFAF0DE7BC22C42B1B09006.exe

Resource

win10v20210408

redline smokeloader vidar 933 cana aspackv2 backdoor evasion infostealer stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

vidar

Version

39.4

Botnet

933

C2

https://sergeevih43.tumblr.com/

Attributes

profile_id
933

Extracted

Family

redline

Botnet

Cana

C2

176.111.174.254:56328

Extracted

Family

smokeloader

Version

2020

C2

http://conceitosseg.com/upload/

http://integrasidata.com/upload/

http://ozentekstil.com/upload/

http://finbelportal.com/upload/

http://telanganadigital.com/upload/

rc4.i32

rc4.i32

Targets

- Target
  
  5669D6ACCAFAF0DE7BC22C42B1B09006.exe
- Size
  
  2.8MB
- MD5
  
  5669d6accafaf0de7bc22c42b1b09006
- SHA1
  
  0e0f3a0d114c77b9ac1e0f9d128a275c80157f75
- SHA256
  
  813ffce8015db19d68dfdaf4e6dc901b2430b13d7d7683794d008b2b30926cad
- SHA512
  
  650ea7eb2c2e56a189826e90e6cc28dc91ac1d1a9b1160993224afbde8e631b79f82d54d18e3b8962b0771779de99958e9ae453097093dd80cd60e0e60900a73
Score

10^/10

redline smokeloader vidar 933 cana aspackv2 backdoor infostealer stealer trojan evasion
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar Stealer
  stealer
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Disabling Security Tools

Install Root Certificate

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

redlinesmokeloadervidar933canaaspackv2backdoorinfostealerstealertrojan

behavioral2

redlinesmokeloadervidar933canaaspackv2backdoorevasioninfostealerstealertrojan

© 2018-2024

Terms | Privacy