redline | 883b6f5c31ec03351af23f7f0a1a9f521b40e938393075c3a05c786f617c4d3b | Triage

Sharing

General

Target

2024-09-20_bf9f2d91c84f08138ee94774deba4af7_poet-rat_snatch
Size

4.9MB
Sample

240920-g77qdasglb
MD5

bf9f2d91c84f08138ee94774deba4af7
SHA1

05f5412b36c77cfc6109aa49578330c0f12b32d1
SHA256

883b6f5c31ec03351af23f7f0a1a9f521b40e938393075c3a05c786f617c4d3b
SHA512

5e36148e3d404a44fa623576cbe6cd4bfa525567c1b91edfdb862719e9bd21be37983e405141ff7b4d397b371c6765979cd1186b72e1801b9e72deca55fb9103
SSDEEP

49152:Wztyl6vJ2raXerXv/oV/5EKKyVzpMmd6CAzHXFOp+MdawAb8cOWthHMQRWz8ZS0e:Eyafav/lrzHEpib8dW7w8LR+

Score

10^/10

redline vidar 1 78d7ca0ed263e8aca23be6d8197b2dce discovery infostealer stealer

Malware Config

Extracted

Family

redline

Botnet

1

C2

176.113.115.220:80

Attributes

auth_value
b6c86adb7106e9ee7247628f59e06830

Extracted

Family

vidar

Version

2.9

Botnet

78d7ca0ed263e8aca23be6d8197b2dce

C2

https://t.me/nemesisgrow

https://steamcommunity.com/profiles/76561199471222742

http://65.109.12.165:80

Attributes

profile_id_v2
78d7ca0ed263e8aca23be6d8197b2dce
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.2 Safari/605.1.15

Targets

- Target
  
  2024-09-20_bf9f2d91c84f08138ee94774deba4af7_poet-rat_snatch
- Size
  
  4.9MB
- MD5
  
  bf9f2d91c84f08138ee94774deba4af7
- SHA1
  
  05f5412b36c77cfc6109aa49578330c0f12b32d1
- SHA256
  
  883b6f5c31ec03351af23f7f0a1a9f521b40e938393075c3a05c786f617c4d3b
- SHA512
  
  5e36148e3d404a44fa623576cbe6cd4bfa525567c1b91edfdb862719e9bd21be37983e405141ff7b4d397b371c6765979cd1186b72e1801b9e72deca55fb9103
- SSDEEP
  
  49152:Wztyl6vJ2raXerXv/oV/5EKKyVzpMmd6CAzHXFOp+MdawAb8cOWthHMQRWz8ZS0e:Eyafav/lrzHEpib8dW7w8LR+
Score

10^/10

discovery redline vidar 1 78d7ca0ed263e8aca23be6d8197b2dce infostealer stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

redlinevidar178d7ca0ed263e8aca23be6d8197b2dcediscoveryinfostealerstealer