redline

General

Target

23ef7f3c86c27467f4d31ef26398e79203c03245c0cffbf5258d5d31de27fd2e
Size

283KB
Sample

220621-2g4agsged3
MD5

14df67bf3c677986d2ba54ff92b272f2
SHA1

aeb20e2692b7f980919b15970816590e686acf00
SHA256

23ef7f3c86c27467f4d31ef26398e79203c03245c0cffbf5258d5d31de27fd2e
SHA512

1fc46bb36c133ce5523e2b66b91f09d7f2a34584fd81cc3463f66c779159716488a08d534e519e75408bd2f5756da348f148fd406821d1f6ad715f240d0693a9

Score

10^/10

Malware Config

Extracted

Family

vidar

Version

52.7

Botnet

1415

C2

https://t.me/tg_superch

https://climatejustice.social/@olegf9844

Attributes

profile_id
1415

Extracted

Family

redline

Botnet

mario2

C2

193.106.191.129:80

Attributes

auth_value
4ef7e3fec3a418b2f0233b604d0560d9

Targets

- Target
  
  23ef7f3c86c27467f4d31ef26398e79203c03245c0cffbf5258d5d31de27fd2e
- Size
  
  283KB
- MD5
  
  14df67bf3c677986d2ba54ff92b272f2
- SHA1
  
  aeb20e2692b7f980919b15970816590e686acf00
- SHA256
  
  23ef7f3c86c27467f4d31ef26398e79203c03245c0cffbf5258d5d31de27fd2e
- SHA512
  
  1fc46bb36c133ce5523e2b66b91f09d7f2a34584fd81cc3463f66c779159716488a08d534e519e75408bd2f5756da348f148fd406821d1f6ad715f240d0693a9
Score

10^/10

redline vidar 1415 mario2 collection discovery infostealer spyware stealer suricata
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- suricata: ET MALWARE Vidar/Arkei/Megumin Stealer Keywords Retrieved
  suricata: ET MALWARE Vidar/Arkei/Megumin Stealer Keywords Retrieved
  suricata
- suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
  suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
  suricata
- Vidar Stealer
  stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1