redline | e27ac6756cbebfb6679f7f6b8428aa24efca10a089aaf582f14b3b07ef1d044b | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

winprofile

windows7-x64

8

winprofile

windows10-1703-x64

Sharing

General

Target

e27ac6756cbebfb6679f7f6b8428aa24efca10a089aaf582f14b3b07ef1d044b
Size

7.1MB
Sample

221206-ez4yeahd78
MD5

51dae8d6208cc255aea7ad0eaba77014
SHA1

dd949ae42f7bc491ac29d9d68b8d12379270bb1a
SHA256

e27ac6756cbebfb6679f7f6b8428aa24efca10a089aaf582f14b3b07ef1d044b
SHA512

c3ab44e3e69e8baee8f215ab2297cab20d2fb9a56e375ae86e8e1102f7d43f683cee64bcd3bfcf59d60742bab80b371de3b18fd5519414787d1cf4eb2e992ed5
SSDEEP

196608:F7nmjqCE8cpmmTVPuF2O8ET7pbO0yA7GO:F7nYRE8cQmTVP2vnl7L

Score

10^/10

redline systembc vidar 1569 infostealer spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

e27ac6756cbebfb6679f7f6b8428aa24efca10a089aaf582f14b3b07ef1d044b.exe

Resource

win7-20220812-en

windows7-x64

8 signatures

300 seconds

Behavioral task

behavioral2

Sample

e27ac6756cbebfb6679f7f6b8428aa24efca10a089aaf582f14b3b07ef1d044b.exe

Resource

win10-20220901-en

redline systembc vidar 1569 infostealer spyware stealer trojan

windows10-1703-x64

20 signatures

300 seconds

Malware Config

Extracted

Family

systembc

C2

89.22.236.225:4193

176.124.205.5:4193

Extracted

Family

vidar

Version

56.1

Botnet

1569

C2

https://t.me/dishasta

https://steamcommunity.com/profiles/76561199441933804

Attributes

profile_id
1569

Targets

- Target
  
  e27ac6756cbebfb6679f7f6b8428aa24efca10a089aaf582f14b3b07ef1d044b
- Size
  
  7.1MB
- MD5
  
  51dae8d6208cc255aea7ad0eaba77014
- SHA1
  
  dd949ae42f7bc491ac29d9d68b8d12379270bb1a
- SHA256
  
  e27ac6756cbebfb6679f7f6b8428aa24efca10a089aaf582f14b3b07ef1d044b
- SHA512
  
  c3ab44e3e69e8baee8f215ab2297cab20d2fb9a56e375ae86e8e1102f7d43f683cee64bcd3bfcf59d60742bab80b371de3b18fd5519414787d1cf4eb2e992ed5
- SSDEEP
  
  196608:F7nmjqCE8cpmmTVPuF2O8ET7pbO0yA7GO:F7nYRE8cQmTVP2vnl7L
Score

10^/10

redline systembc vidar 1569 infostealer spyware stealer trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Web Service

Credential Access

Credentials in Files

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

redlinesystembcvidar1569infostealerspywarestealertrojan

© 2018-2025

Terms | Privacy