General
-
Target
2024-11-09_38d7df59a0be5dbe7fbefe539e30b4e0_frostygoop_poet-rat_snatch
-
Size
4.9MB
-
Sample
241109-1jq79sshmr
-
MD5
38d7df59a0be5dbe7fbefe539e30b4e0
-
SHA1
7072b1276817a58ad812580b01de85264f9fef23
-
SHA256
54aefaffd90d65aa379f23ec7bba7f017d2181cd1d6fe1dd11e86d3a29196545
-
SHA512
a00909ab746a5da5ba84c0c810620f23edf9a7e163c9a9f8fdc26df71a2422a9b98f0ec433ccd5bc6a8e8bbc067b4027fde7b06e83cb4be6bccf1bccaecf4aaf
-
SSDEEP
49152:lF9r2hTF2Fs3Dghu/QV/5EKKyVzpMM7UVQzSX5Hxy600cstUtsOEguoI5GRdKegl:FronAu/XezSlxftUWOWe8LY+
Behavioral task
behavioral1
Sample
2024-11-09_38d7df59a0be5dbe7fbefe539e30b4e0_frostygoop_poet-rat_snatch.exe
Resource
win7-20241023-en
Behavioral task
behavioral2
Sample
2024-11-09_38d7df59a0be5dbe7fbefe539e30b4e0_frostygoop_poet-rat_snatch.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
vidar
2.9
e8ae4cffdc2bb11850a1df8815a395df
https://t.me/nemesisgrow
https://steamcommunity.com/profiles/76561199471222742
http://65.109.12.165:80
-
profile_id_v2
e8ae4cffdc2bb11850a1df8815a395df
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.2 Safari/605.1.15
Extracted
redline
2
176.113.115.220:80
-
auth_value
1c7e8b342a4b74a6ab7150111e59bcde
Targets
-
-
Target
2024-11-09_38d7df59a0be5dbe7fbefe539e30b4e0_frostygoop_poet-rat_snatch
-
Size
4.9MB
-
MD5
38d7df59a0be5dbe7fbefe539e30b4e0
-
SHA1
7072b1276817a58ad812580b01de85264f9fef23
-
SHA256
54aefaffd90d65aa379f23ec7bba7f017d2181cd1d6fe1dd11e86d3a29196545
-
SHA512
a00909ab746a5da5ba84c0c810620f23edf9a7e163c9a9f8fdc26df71a2422a9b98f0ec433ccd5bc6a8e8bbc067b4027fde7b06e83cb4be6bccf1bccaecf4aaf
-
SSDEEP
49152:lF9r2hTF2Fs3Dghu/QV/5EKKyVzpMM7UVQzSX5Hxy600cstUtsOEguoI5GRdKegl:FronAu/XezSlxftUWOWe8LY+
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Vidar family
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-