General
-
Target
1ec60f583df45cf78dc16a11a660fddf654cb23a85d3856fe2854caf6faf6a1d
-
Size
284KB
-
Sample
220621-tzy5gsfgcj
-
MD5
f0522c60be8702f809fe877aa43727df
-
SHA1
f456e3fa2ecf98ede42b56e681ebe4bfbf2e9200
-
SHA256
1ec60f583df45cf78dc16a11a660fddf654cb23a85d3856fe2854caf6faf6a1d
-
SHA512
c5b56870f1b3d36234e32a8d658a66c4f696c949a7d0d6661b5a8b9dc87de81ca9546b115332b7d8c1351d0e75a6bd7622d176f701b32854000c521757a9d894
Static task
static1
Behavioral task
behavioral1
Sample
1ec60f583df45cf78dc16a11a660fddf654cb23a85d3856fe2854caf6faf6a1d.exe
Resource
win10-20220414-en
Malware Config
Extracted
vidar
52.6
1415
https://t.me/tg_dailylessons
https://busshi.moe/@olegf9844xx
-
profile_id
1415
Extracted
redline
mario2
193.106.191.129:80
-
auth_value
4ef7e3fec3a418b2f0233b604d0560d9
Targets
-
-
Target
1ec60f583df45cf78dc16a11a660fddf654cb23a85d3856fe2854caf6faf6a1d
-
Size
284KB
-
MD5
f0522c60be8702f809fe877aa43727df
-
SHA1
f456e3fa2ecf98ede42b56e681ebe4bfbf2e9200
-
SHA256
1ec60f583df45cf78dc16a11a660fddf654cb23a85d3856fe2854caf6faf6a1d
-
SHA512
c5b56870f1b3d36234e32a8d658a66c4f696c949a7d0d6661b5a8b9dc87de81ca9546b115332b7d8c1351d0e75a6bd7622d176f701b32854000c521757a9d894
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
suricata: ET MALWARE Vidar/Arkei/Megumin Stealer Keywords Retrieved
suricata: ET MALWARE Vidar/Arkei/Megumin Stealer Keywords Retrieved
-
suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
-
Vidar Stealer
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-