redline

General

Target

bf88763cc6b6f48e5a2ddd775c54b31382628d05ca5c5436b7c0406a89cd0760
Size

311KB
Sample

220621-3lbxgaehbq
MD5

21045458fe4dd24c81d7a27d00228f9a
SHA1

a955d26ab74c8f83d36fc933f94e3a305c8d3265
SHA256

bf88763cc6b6f48e5a2ddd775c54b31382628d05ca5c5436b7c0406a89cd0760
SHA512

3bd28362b0ae100ed7d87efcb99772d39fa20afbb8eaa219cf0283be32ca6eab9fcc9858b4ddbdd2f536c9aef1e59f63d45f49cf6ef250859e7bc841ec76aa48

Score

10^/10

Malware Config

Extracted

Family

vidar

Version

52.7

Botnet

1415

C2

https://t.me/tg_superch

https://climatejustice.social/@olegf9844

Attributes

profile_id
1415

Extracted

Family

redline

Botnet

zenquu

C2

tradigview.xyz:12777

Attributes

auth_value
70ac5f40cef894791e2b507bfc63de4e

Targets

- Target
  
  bf88763cc6b6f48e5a2ddd775c54b31382628d05ca5c5436b7c0406a89cd0760
- Size
  
  311KB
- MD5
  
  21045458fe4dd24c81d7a27d00228f9a
- SHA1
  
  a955d26ab74c8f83d36fc933f94e3a305c8d3265
- SHA256
  
  bf88763cc6b6f48e5a2ddd775c54b31382628d05ca5c5436b7c0406a89cd0760
- SHA512
  
  3bd28362b0ae100ed7d87efcb99772d39fa20afbb8eaa219cf0283be32ca6eab9fcc9858b4ddbdd2f536c9aef1e59f63d45f49cf6ef250859e7bc841ec76aa48
Score

10^/10

redline vidar 1415 zenquu collection discovery infostealer spyware stealer suricata
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- suricata: ET MALWARE Vidar/Arkei/Megumin Stealer Keywords Retrieved
  suricata: ET MALWARE Vidar/Arkei/Megumin Stealer Keywords Retrieved
  suricata
- suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
  suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
  suricata
- Vidar Stealer
  stealer
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1