Overview

overview

10

Static

static

d4359d5d0b...74.exe

windows7_x64

10

d4359d5d0b...74.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d4359d5d0bbe9828a1340fb1d8537a74

  • Size

    6.7MB

  • Sample

    210825-b52wfpj8qe

  • MD5

    d4359d5d0bbe9828a1340fb1d8537a74

  • SHA1

    5c8805bd3c08d9866748ac033d9e0497bb84761c

  • SHA256

    57e2f9ee6aaad4097ac2b1151fe1cf9546c8fbc470670b73c8039285f4fd4db5

  • SHA512

    3ea8565784f17f44f1236d4176146e335e409f84514fff3c8d3a0099d8e7fe02dde340319e910b04296010df5e050835aa68bb62b40c1d18cd2c985ab23c2751

Score
10/10
netsupportredlinevidar3allsupdiscoveryinfostealerratstealersuricata

Malware Config

Extracted

Family

redline

Botnet

3

C2

deyrolorme.xyz:80

xariebelal.xyz:80

anihelardd.xyz:80

Extracted

Family

redline

Botnet

allsup

C2

188.124.36.242:25802

Targets

    • Target

      d4359d5d0bbe9828a1340fb1d8537a74

    • Size

      6.7MB

    • MD5

      d4359d5d0bbe9828a1340fb1d8537a74

    • SHA1

      5c8805bd3c08d9866748ac033d9e0497bb84761c

    • SHA256

      57e2f9ee6aaad4097ac2b1151fe1cf9546c8fbc470670b73c8039285f4fd4db5

    • SHA512

      3ea8565784f17f44f1236d4176146e335e409f84514fff3c8d3a0099d8e7fe02dde340319e910b04296010df5e050835aa68bb62b40c1d18cd2c985ab23c2751

    Score
    10/10
    redlinevidar3allsupdiscoveryinfostealerstealersuricatanetsupportrat

    • NetSupport

      NetSupport is a remote access tool sold as a legitimate system administration software.

      ratnetsupport

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine Payload

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

      suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

      suricata

    • Vidar Stealer

      stealer

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks