General

  • Target

    2024-11-09_38d7df59a0be5dbe7fbefe539e30b4e0_frostygoop_poet-rat_snatch

  • Size

    4.9MB

  • Sample

    241109-1jq79sshmr

  • MD5

    38d7df59a0be5dbe7fbefe539e30b4e0

  • SHA1

    7072b1276817a58ad812580b01de85264f9fef23

  • SHA256

    54aefaffd90d65aa379f23ec7bba7f017d2181cd1d6fe1dd11e86d3a29196545

  • SHA512

    a00909ab746a5da5ba84c0c810620f23edf9a7e163c9a9f8fdc26df71a2422a9b98f0ec433ccd5bc6a8e8bbc067b4027fde7b06e83cb4be6bccf1bccaecf4aaf

  • SSDEEP

    49152:lF9r2hTF2Fs3Dghu/QV/5EKKyVzpMM7UVQzSX5Hxy600cstUtsOEguoI5GRdKegl:FronAu/XezSlxftUWOWe8LY+

Malware Config

Extracted

  • Family

    vidar

  • Version

    2.9

  • Botnet

    e8ae4cffdc2bb11850a1df8815a395df

  • C2

    https://t.me/nemesisgrow

    https://steamcommunity.com/profiles/76561199471222742

    http://65.109.12.165:80

  • Attributes

    • profile_id_v2

      e8ae4cffdc2bb11850a1df8815a395df

    • user_agent

      Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.2 Safari/605.1.15

Extracted

  • Family

    redline

  • Botnet

    2

  • C2

    176.113.115.220:80

  • Attributes

    • auth_value

      1c7e8b342a4b74a6ab7150111e59bcde

Targets

    • Target

      2024-11-09_38d7df59a0be5dbe7fbefe539e30b4e0_frostygoop_poet-rat_snatch

    • Size

      4.9MB

    • MD5

      38d7df59a0be5dbe7fbefe539e30b4e0

    • SHA1

      7072b1276817a58ad812580b01de85264f9fef23

    • SHA256

      54aefaffd90d65aa379f23ec7bba7f017d2181cd1d6fe1dd11e86d3a29196545

    • SHA512

      a00909ab746a5da5ba84c0c810620f23edf9a7e163c9a9f8fdc26df71a2422a9b98f0ec433ccd5bc6a8e8bbc067b4027fde7b06e83cb4be6bccf1bccaecf4aaf

    • SSDEEP

      49152:lF9r2hTF2Fs3Dghu/QV/5EKKyVzpMM7UVQzSX5Hxy600cstUtsOEguoI5GRdKegl:FronAu/XezSlxftUWOWe8LY+

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar family

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks