redline | f6db72c05e52647a5876470d56f4fb7751f4f0947d9aba5ef21eac60528c73ba | Triage

Sharing

General

Target

f6db72c05e52647a5876470d56f4fb7751f4f0947d9aba5ef21eac60528c73ba
Size

6.0MB
Sample

230310-jkxm1adh7z
MD5

0be2195f5329e5298df9d85c30f812cc
SHA1

302d3acb2bdd6e8f203f4cd822b8e689e659c4e8
SHA256

f6db72c05e52647a5876470d56f4fb7751f4f0947d9aba5ef21eac60528c73ba
SHA512

ccce3ba10cf76755b410ec6d0116e3895d340c366c2a30d139e1852db385623f2d6d024943068dcd33850ac61be9010f86a489caecf3440b48d6c7a507255c8c
SSDEEP

98304:38idyGwWZvY2uWaoOzzxi1/6ONVF+Zcfwmb2du3mUiHFE8IUL7vlhEx:siUGwWZvY2FOzFi/+coM2g3mUAuLUL7g

Score

10^/10

redline vidar 2 e8ae4cffdc2bb11850a1df8815a395df infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

2

C2

176.113.115.220:80

Attributes

auth_value
1c7e8b342a4b74a6ab7150111e59bcde

Extracted

Family

vidar

Version

2.9

Botnet

e8ae4cffdc2bb11850a1df8815a395df

C2

https://t.me/nemesisgrow

https://steamcommunity.com/profiles/76561199471222742

http://65.109.12.165:80

Attributes

profile_id_v2
e8ae4cffdc2bb11850a1df8815a395df

Targets

- Target
  
  f6db72c05e52647a5876470d56f4fb7751f4f0947d9aba5ef21eac60528c73ba
- Size
  
  6.0MB
- MD5
  
  0be2195f5329e5298df9d85c30f812cc
- SHA1
  
  302d3acb2bdd6e8f203f4cd822b8e689e659c4e8
- SHA256
  
  f6db72c05e52647a5876470d56f4fb7751f4f0947d9aba5ef21eac60528c73ba
- SHA512
  
  ccce3ba10cf76755b410ec6d0116e3895d340c366c2a30d139e1852db385623f2d6d024943068dcd33850ac61be9010f86a489caecf3440b48d6c7a507255c8c
- SSDEEP
  
  98304:38idyGwWZvY2uWaoOzzxi1/6ONVF+Zcfwmb2du3mUiHFE8IUL7vlhEx:siUGwWZvY2FOzFi/+coM2g3mUAuLUL7g
Score

10^/10

redline vidar 2 e8ae4cffdc2bb11850a1df8815a395df infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Loads dropped DLL
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinevidar2e8ae4cffdc2bb11850a1df8815a395dfinfostealerspywarestealer