General

Target: bf88763cc6b6f48e5a2ddd775c54b31382628d05ca5c5436b7c0406a89cd0760
Size: 311KB
Sample: 220621-3lbxgaehbq
MD5: 21045458fe4dd24c81d7a27d00228f9a
SHA1: a955d26ab74c8f83d36fc933f94e3a305c8d3265
SHA256: bf88763cc6b6f48e5a2ddd775c54b31382628d05ca5c5436b7c0406a89cd0760
SHA512: 3bd28362b0ae100ed7d87efcb99772d39fa20afbb8eaa219cf0283be32ca6eab9fcc9858b4ddbdd2f536c9aef1e59f63d45f49cf6ef250859e7bc841ec76aa48
Static task: static1
Behavioral task: behavioral1
Sample: bf88763cc6b6f48e5a2ddd775c54b31382628d05ca5c5436b7c0406a89cd0760.exe
Resource: win10-20220414-en
Malware Config

Extracted: vidar
Version: 52.7
profile_id: 1415
URLs: https://t.me/tg_superch, https://climatejustice.social/@olegf9844
(Vidar reads its live C2 address from the description text of these profile pages at run time; they are dead-drop resolvers hosted on legitimate services, not the C2 itself.)

Extracted: redline
Botnet: zenquu
C2: tradigview.xyz:12777
auth_value: 70ac5f40cef894791e2b507bfc63de4e
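The two extracted configs are the actionable output of this report. The following script, added here as a worked example (it is not Triage's code and not part of the sample), turns them into a defanged IOC list with per-indicator confidence and emits Suricata rules for the RedLine C2. The config values are copied from the Malware Config section above; the rule SIDs, the $HOME_NET variable, the IOC record layout and the confidence labels are assumptions made for the example.

```python
"""Normalize the Triage-extracted Vidar and RedLine configs into IOCs and
Suricata rules. Added example for this report; not Triage's own code.
Config values are from the report; SIDs and output layout are assumed."""
from urllib.parse import urlparse

SAMPLE_SHA256 = "bf88763cc6b6f48e5a2ddd775c54b31382628d05ca5c5436b7c0406a89cd0760"

# Vidar config as reported. The URLs are profile pages Vidar reads at run
# time to obtain its real C2 (dead-drop resolvers); the hosts are shared,
# legitimate services, so only the exact URLs are high-confidence IOCs.
VIDAR_CONFIG = {
    "version": "52.7",
    "profile_id": "1415",
    "dead_drops": [
        "https://t.me/tg_superch",
        "https://climatejustice.social/@olegf9844",
    ],
}

# RedLine config as reported. The C2 is a host:port the bot connects to directly.
REDLINE_CONFIG = {
    "botnet": "zenquu",
    "c2": "tradigview.xyz:12777",
    "auth_value": "70ac5f40cef894791e2b507bfc63de4e",
}


def split_host_port(c2: str) -> tuple[str, int]:
    """Split 'host:port' into (host, port); reject malformed values."""
    host, sep, port = c2.rpartition(":")
    if not sep or not host or not port.isdigit():
        raise ValueError(f"unexpected C2 format: {c2!r}")
    return host, int(port)


def defang(value: str) -> str:
    """Make a URL or domain safe to paste into tickets and chat."""
    return value.replace("http", "hxxp").replace(".", "[.]")


def build_iocs(vidar: dict, redline: dict, sha256: str) -> list[dict]:
    """Return IOC records: type, value, confidence, context."""
    host, port = split_host_port(redline["c2"])
    iocs = [
        {"type": "sha256", "value": sha256, "confidence": "high",
         "context": "sample analysed in this report"},
        {"type": "domain", "value": host, "confidence": "high",
         "context": f"RedLine C2, botnet {redline['botnet']}"},
        {"type": "tcp-endpoint", "value": f"{host}:{port}", "confidence": "high",
         "context": "RedLine C2 endpoint"},
    ]
    for url in vidar["dead_drops"]:
        iocs.append({"type": "url", "value": url, "confidence": "high",
                     "context": f"Vidar {vidar['version']} dead-drop resolver, "
                                f"profile {vidar['profile_id']}"})
        # Record the host for hunting only; blocking t.me or a Mastodon
        # instance would break legitimate traffic.
        iocs.append({"type": "domain", "value": urlparse(url).netloc,
                     "confidence": "low",
                     "context": "dead-drop host (legitimate service, do not block)"})
    return iocs


def suricata_rules(redline: dict, base_sid: int = 9000001) -> list[str]:
    """DNS and TCP rules for the RedLine C2. base_sid is an assumed value;
    the TCP rule keys on port only, so pair it with the resolved IP in use."""
    host, port = split_host_port(redline["c2"])
    return [
        (f'alert dns $HOME_NET any -> any any (msg:"RedLine C2 domain lookup {host}"; '
         f'dns.query; content:"{host}"; nocase; endswith; sid:{base_sid}; rev:1;)'),
        (f'alert tcp $HOME_NET any -> any {port} (msg:"RedLine C2 connection {host}:{port}"; '
         f'flow:established,to_server; sid:{base_sid + 1}; rev:1;)'),
    ]


if __name__ == "__main__":
    for ioc in build_iocs(VIDAR_CONFIG, REDLINE_CONFIG, SAMPLE_SHA256):
        print(f"{ioc['type']:13} {ioc['confidence']:5} {defang(ioc['value'])}  # {ioc['context']}")
    print()
    for rule in suricata_rules(REDLINE_CONFIG):
        print(rule)
```

The confidence split matters in practice: the RedLine domain and endpoint can go straight to a blocklist, while the Vidar resolver URLs should be matched as full URLs (proxy or EDR telemetry), because the hosting domains serve ordinary users. The `endswith` keyword in the DNS rule requires Suricata 5.0 or later.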
Targets

Target: bf88763cc6b6f48e5a2ddd775c54b31382628d05ca5c5436b7c0406a89cd0760
Size: 311KB
MD5: 21045458fe4dd24c81d7a27d00228f9a
SHA1: a955d26ab74c8f83d36fc933f94e3a305c8d3265
SHA256: bf88763cc6b6f48e5a2ddd775c54b31382628d05ca5c5436b7c0406a89cd0760
SHA512: 3bd28362b0ae100ed7d87efcb99772d39fa20afbb8eaa219cf0283be32ca6eab9fcc9858b4ddbdd2f536c9aef1e59f63d45f49cf6ef250859e7bc841ec76aa48
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine Payload

suricata: ET MALWARE Vidar/Arkei/Megumin Stealer Keywords Retrieved

suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer

Vidar Stealer

Executes dropped EXE

Deletes itself

Loads dropped DLL

Accesses Microsoft Outlook profiles

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Suspicious use of SetThreadContext
Redirecting another thread's execution with SetThreadContext is a common step in process hollowing and other code injection.