redline | 9e2610031ebad347e05c91746f4a50fa3211bcd433c5d2605ea4903be5fc4951 | Triage

Sharing

General

Target

2024-11-10_e167b32977bb2379e4d35f8586f90dc8_frostygoop_poet-rat_snatch
Size

4.9MB
Sample

241110-bdlyxswdra
MD5

e167b32977bb2379e4d35f8586f90dc8
SHA1

7f58ddb47afc629c729d45d7a623307b8f7353ad
SHA256

9e2610031ebad347e05c91746f4a50fa3211bcd433c5d2605ea4903be5fc4951
SHA512

9d0294d75bfa09e366edc8808a50f8420ac098947df83146f50660a1b6e9b38ad56bba119cc3ae54cc3078323802189633bf3fc54f006706f0ee155207100946
SSDEEP

49152:6ztyl6vJ2raXerXv/oV/5EKKyVzpMmd6CAzHXFOp+MdawAb8cOWthHMQRWzQfQ09:4yafav/lrzHEpib8dWbC8L8+

Score

10^/10

redline vidar 1 f2a0fa19d8959a4621bac92c4a6959ed discovery infostealer stealer

Malware Config

Extracted

Family

vidar

Version

2.9

Botnet

f2a0fa19d8959a4621bac92c4a6959ed

C2

https://t.me/nemesisgrow

https://steamcommunity.com/profiles/76561199471222742

http://65.109.12.165:80

Attributes

profile_id_v2
f2a0fa19d8959a4621bac92c4a6959ed
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.2 Safari/605.1.15

Extracted

Family

redline

Botnet

1

C2

176.113.115.220:80

Attributes

auth_value
b6c86adb7106e9ee7247628f59e06830

Targets

- Target
  
  2024-11-10_e167b32977bb2379e4d35f8586f90dc8_frostygoop_poet-rat_snatch
- Size
  
  4.9MB
- MD5
  
  e167b32977bb2379e4d35f8586f90dc8
- SHA1
  
  7f58ddb47afc629c729d45d7a623307b8f7353ad
- SHA256
  
  9e2610031ebad347e05c91746f4a50fa3211bcd433c5d2605ea4903be5fc4951
- SHA512
  
  9d0294d75bfa09e366edc8808a50f8420ac098947df83146f50660a1b6e9b38ad56bba119cc3ae54cc3078323802189633bf3fc54f006706f0ee155207100946
- SSDEEP
  
  49152:6ztyl6vJ2raXerXv/oV/5EKKyVzpMmd6CAzHXFOp+MdawAb8cOWthHMQRWzQfQ09:4yafav/lrzHEpib8dWbC8L8+
Score

10^/10

discovery redline vidar 1 f2a0fa19d8959a4621bac92c4a6959ed infostealer stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

redlinevidar1f2a0fa19d8959a4621bac92c4a6959eddiscoveryinfostealerstealer