redline

General

Target

6862d545099fbcd8f04ce2f209b27335baa9167ac22776d340daac4709dd14b0
Size

312KB
Sample

220622-dhcbdsgcen
MD5

411368f03511ed265abfc250cafaaeba
SHA1

a94bb81a6d25f38553f6dedadea6670903b57405
SHA256

6862d545099fbcd8f04ce2f209b27335baa9167ac22776d340daac4709dd14b0
SHA512

cd607128a112630e27cbcb8f1155314f93648e48b4ff61c51940dd14fcbf81eb0c1aed7ad46ff54d9650a45c2d8d0f83f89a1f0efa255af603391b52edc2be45

Score

10^/10

Malware Config

Extracted

Family

vidar

Version

52.7

Botnet

1415

C2

https://t.me/tg_superch

https://climatejustice.social/@olegf9844

Attributes

profile_id
1415

Extracted

Family

redline

Botnet

zenquu

C2

tradigview.xyz:12777

Attributes

auth_value
70ac5f40cef894791e2b507bfc63de4e

Extracted

Family

redline

Botnet

mario2

C2

193.106.191.129:80

Attributes

auth_value
4ef7e3fec3a418b2f0233b604d0560d9

Targets

- Target
  
  6862d545099fbcd8f04ce2f209b27335baa9167ac22776d340daac4709dd14b0
- Size
  
  312KB
- MD5
  
  411368f03511ed265abfc250cafaaeba
- SHA1
  
  a94bb81a6d25f38553f6dedadea6670903b57405
- SHA256
  
  6862d545099fbcd8f04ce2f209b27335baa9167ac22776d340daac4709dd14b0
- SHA512
  
  cd607128a112630e27cbcb8f1155314f93648e48b4ff61c51940dd14fcbf81eb0c1aed7ad46ff54d9650a45c2d8d0f83f89a1f0efa255af603391b52edc2be45
Score

10^/10

redline vidar 1415 mario2 zenquu collection discovery infostealer spyware stealer suricata
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- suricata: ET MALWARE Vidar/Arkei/Megumin Stealer Keywords Retrieved
  suricata: ET MALWARE Vidar/Arkei/Megumin Stealer Keywords Retrieved
  suricata
- suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
  suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
  suricata
- Vidar Stealer
  stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1