redline | 35c45ea469ba26fe2b6d8dfc626006070a5b27378c060b1c7e38edb94a26490c | Triage

Submit
Reports

Overview

overview

Static

static

5bd89f2219...72.exe

windows7-x64

5bd89f2219...72.exe

windows10-2004-x64

Sharing

General

Target

5bd89f22193f6b9f30286ecff6eed072.exe
Size

352KB
Sample

221027-ecep1aaecr
MD5

5bd89f22193f6b9f30286ecff6eed072
SHA1

e14935e400d03526d972c5f3948ad718e7155525
SHA256

35c45ea469ba26fe2b6d8dfc626006070a5b27378c060b1c7e38edb94a26490c
SHA512

30d839455a216fba71f1ec1c9448ed954bcbad9a8592a093ee0968da93ad93cfb865b3d6e8cbb6b9cb40fd9fac1c764339779844f49894728a4afc5814347e37
SSDEEP

6144:uVg7Y+ceBD+MMkUZhMQN4HqeZnCm0AOAx+32jG4WNC9uFVzj3kSFRdh:u+Y+ceBD+DLhJtZOXtuXkSHdh

Score

10^/10

redline vidar 1707 evasion infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

5bd89f22193f6b9f30286ecff6eed072.exe

Resource

win7-20220812-en

redline vidar 1707 infostealer spyware stealer

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

5bd89f22193f6b9f30286ecff6eed072.exe

Resource

win10v2004-20220812-en

redline vidar 1707 evasion infostealer spyware stealer

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

redline

C2

193.164.16.192:47029

Attributes

auth_value
cbdeb17735c6f7affad6a080e4be73a8

Extracted

Family

vidar

Version

55.2

Botnet

1707

C2

https://t.me/slivetalks

https://c.im/@xinibin420

Attributes

profile_id
1707

Targets

- Target
  
  5bd89f22193f6b9f30286ecff6eed072.exe
- Size
  
  352KB
- MD5
  
  5bd89f22193f6b9f30286ecff6eed072
- SHA1
  
  e14935e400d03526d972c5f3948ad718e7155525
- SHA256
  
  35c45ea469ba26fe2b6d8dfc626006070a5b27378c060b1c7e38edb94a26490c
- SHA512
  
  30d839455a216fba71f1ec1c9448ed954bcbad9a8592a093ee0968da93ad93cfb865b3d6e8cbb6b9cb40fd9fac1c764339779844f49894728a4afc5814347e37
- SSDEEP
  
  6144:uVg7Y+ceBD+MMkUZhMQN4HqeZnCm0AOAx+32jG4WNC9uFVzj3kSFRdh:u+Y+ceBD+DLhJtZOXtuXkSHdh
Score

10^/10

redline vidar 1707 infostealer spyware stealer evasion
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Scheduled Task

Persistence

Modify Existing Service

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinevidar1707infostealerspywarestealer

behavioral2

redlinevidar1707evasioninfostealerspywarestealer

© 2018-2024

Terms | Privacy