redline | 00845b50cfa3de2190ea23036f82809b6f37da03d5946bbd5aa9b4704b454b6f | Triage

Submit
Reports

Overview

overview

Static

static

00845b50cf...6f.exe

windows7_x64

00845b50cf...6f.exe

windows10-2004_x64

Sharing

General

Target

00845b50cfa3de2190ea23036f82809b6f37da03d5946bbd5aa9b4704b454b6f.bin
Size

2.1MB
Sample

220209-qd545aadd6
MD5

af023194ef53d801d374ba35d4a599a9
SHA1

b57ecfe21102ef49633774e7f3ff5c72ed5d5f79
SHA256

00845b50cfa3de2190ea23036f82809b6f37da03d5946bbd5aa9b4704b454b6f
SHA512

b80fec9084eccd6ebe77c64fd3f7471ca6d82db7b2a038a6f52463318375ae1792c48301015fb012101c6e3a5d1e2316567b49a4da22268a38245390e1067ef9

Score

10^/10

redline smokeloader vidar 706 test1 aspackv2 backdoor infostealer stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

00845b50cfa3de2190ea23036f82809b6f37da03d5946bbd5aa9b4704b454b6f.exe

Resource

win7-en-20211208

redline test1 aspackv2 infostealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

00845b50cfa3de2190ea23036f82809b6f37da03d5946bbd5aa9b4704b454b6f.exe

Resource

win10v2004-en-20220112

smokeloader vidar 706 aspackv2 backdoor stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

test1

C2

185.215.113.15:61506

Extracted

Family

vidar

Version

40

Botnet

706

C2

https://lenak513.tumblr.com/

Attributes

profile_id
706

Extracted

Family

smokeloader

Version

2020

C2

http://aucmoney.com/upload/

http://thegymmum.com/upload/

http://atvcampingtrips.com/upload/

http://kuapakualaman.com/upload/

http://renatazarazua.com/upload/

http://nasufmutlu.com/upload/

rc4.i32

rc4.i32

Targets

- Target
  
  00845b50cfa3de2190ea23036f82809b6f37da03d5946bbd5aa9b4704b454b6f.bin
- Size
  
  2.1MB
- MD5
  
  af023194ef53d801d374ba35d4a599a9
- SHA1
  
  b57ecfe21102ef49633774e7f3ff5c72ed5d5f79
- SHA256
  
  00845b50cfa3de2190ea23036f82809b6f37da03d5946bbd5aa9b4704b454b6f
- SHA512
  
  b80fec9084eccd6ebe77c64fd3f7471ca6d82db7b2a038a6f52463318375ae1792c48301015fb012101c6e3a5d1e2316567b49a4da22268a38245390e1067ef9
Score

10^/10

redline test1 aspackv2 infostealer smokeloader vidar 706 backdoor stealer trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of NtCreateProcessExOtherParentProcess
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar Stealer
  stealer
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

redlinetest1aspackv2infostealer

behavioral2

smokeloadervidar706aspackv2backdoorstealertrojan

© 2018-2024

Terms | Privacy