redline | e7c3cff0ae5c18797117676076ccd7c501fc47d2e0da7e61826ed234eb4bed43 | Triage

Submit
Reports

Overview

overview

Static

static

SecuriteIn...61.exe

windows7-x64

SecuriteIn...61.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

SecuriteInfo.com.Win32.PWSX-gen.28867.21061.exe
Size

222KB
Sample

221229-cy6phafc3w
MD5

30c8660605b151540f9b0072d6600503
SHA1

3a9a44923592823bf83bd47d89736931f1502065
SHA256

e7c3cff0ae5c18797117676076ccd7c501fc47d2e0da7e61826ed234eb4bed43
SHA512

69367cdecfd63f9af80a52b73226567e83f5819782e318c242d7b6e44906b51378e3f2ffb68a0c2a1eecda9ce2260f1bce4cfb853a502750160673e388195464
SSDEEP

3072:9lUzLCv5/a2Zb+H59cMlzAD7gdxAIRwD3tdmdhxH:ALCVPZb+H9zEUxAOi3tm

Score

10^/10

redline smokeloader vidar 788 installs backdoor infostealer spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

SecuriteInfo.com.Win32.PWSX-gen.28867.21061.exe

Resource

win7-20220812-en

smokeloader backdoor trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

SecuriteInfo.com.Win32.PWSX-gen.28867.21061.exe

Resource

win10v2004-20220901-en

redline smokeloader vidar 788 installs backdoor infostealer spyware stealer trojan

windows10-2004-x64

23 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

installs

C2

77.73.134.57:20368

Attributes

auth_value
018d84fd84774560e4827f12acc7d4af

Extracted

Family

vidar

Version

1.7

Botnet

788

C2

https://t.me/robloxblackl

https://steamcommunity.com/profiles/76561199458928097

Attributes

profile_id
788

Targets

- Target
  
  SecuriteInfo.com.Win32.PWSX-gen.28867.21061.exe
- Size
  
  222KB
- MD5
  
  30c8660605b151540f9b0072d6600503
- SHA1
  
  3a9a44923592823bf83bd47d89736931f1502065
- SHA256
  
  e7c3cff0ae5c18797117676076ccd7c501fc47d2e0da7e61826ed234eb4bed43
- SHA512
  
  69367cdecfd63f9af80a52b73226567e83f5819782e318c242d7b6e44906b51378e3f2ffb68a0c2a1eecda9ce2260f1bce4cfb853a502750160673e388195464
- SSDEEP
  
  3072:9lUzLCv5/a2Zb+H59cMlzAD7gdxAIRwD3tdmdhxH:ALCVPZb+H9zEUxAOi3tm
Score

10^/10

smokeloader backdoor trojan redline vidar 788 installs infostealer spyware stealer
- Detects Smokeloader packer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Web Service

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

redlinesmokeloadervidar788installsbackdoorinfostealerspywarestealertrojan

© 2018-2025

Terms | Privacy