General
Target: 8e6d8b5a004c8f21bee1bbe4213c6d78cf80e439b38f587e963e9bb4569aaffa.exe
Size: 304KB
Sample: 240524-pt4qkacf58
MD5: 84bf36993bdd61d216e83fe391fcc7fd
SHA1: e023212e847a54328aaea05fbe41eb4828855ce6
SHA256: 8e6d8b5a004c8f21bee1bbe4213c6d78cf80e439b38f587e963e9bb4569aaffa
SHA512: bb3241949618ad2d39057e085e150f43b4d41d74efc4658d9c27f8c0ec80420191517a2c0b6b7e225c4e50e02cd031cdfd178e05b9a869847a3c27b210d09caf
SSDEEP: 3072:aq6EgY6igrUjXwwRwPfhlogDHGjZyTAZtAsiLVcZqf7D34leqiOLibBOO:ZqY6i7wPnpiZyTAfAPVcZqf7DIvL
Behavioral task: behavioral1
Sample: 8e6d8b5a004c8f21bee1bbe4213c6d78cf80e439b38f587e963e9bb4569aaffa.exe
Resource: win7-20240221-en

Malware Config
Extracted: redline
  1
  185.215.113.67:40960
Extracted: stealc
Extracted: vidar
  https://steamcommunity.com/profiles/76561199686524322
  https://t.me/k0mono
  user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15 Ddg/17.4.1
Targets
- Detect Vidar Stealer
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2