redline

General

Target

7434786167.zip
Size

5.4MB
Sample

220520-nm23qaahg3
MD5

48b1caa5028ee44b155b92e8826d42f1
SHA1

96b57679b4a2eb360f0bf25f57920176167f4423
SHA256

33bbf133844c61c4e4f9207411a912c02d2c1cd1c25d582a5044c658d48cc9ca
SHA512

e401d73084c47b021f7476213aa3915cfc89deb3d1d632d55798c2192d5e556b07356d067ad7af7bbddde2a18dc53abd398d90c0a9d9b3f0df8f41bb168a764f

Score

10^/10

Malware Config

Extracted

Family

vidar

Version

52.2

Botnet

1281

C2

https://t.me/netflixaccsfree

Attributes

profile_id
1281

Targets

- Target
  
  setup/AISetup-Crack.exe
- Size
  
  2.4MB
- MD5
  
  a6f2af8aa201a51b90ce7242736a7af4
- SHA1
  
  303184b65412f10df9e3860a7b3337e165c820db
- SHA256
  
  7e29a55958df55dcc4bb4e563111659226cdac60bc7141f8124acaa8eac66565
- SHA512
  
  dd5271e62bb7f69b217ea912c378cccf41f4132efe48e4ac11fe04d6869d3db13cc52dd991507d1ba081b88bcbc8c96324a11d7a1623937be2a0403c353d7650
Score

10^/10

redline discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  setup/Pre-Activated-Setup.exe
- Size
  
  405.2MB
- MD5
  
  3cf359cf5a3c86167e554882c9d26dc4
- SHA1
  
  fd80122deab8904889dfa69df600554eac8090ff
- SHA256
  
  b61864510b59420f82383f1377bba51822f2c481fe8a166c5eeda292a2258eaa
- SHA512
  
  e8e4047c2863715686fa5205175572fce0f05d501a762310e88eba064cd857737f49948785fa4fff54dc60da2430f60ef2f8e3ca13727d48c8192546a65b79db
Score

10^/10

vidar 1281 discovery evasion spyware stealer suricata trojan
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
  suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
  suricata
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Vidar Stealer
  stealer
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral3 behavioral4