Overview

overview

10

Static

static

3

2025-03-30...er.exe

windows7-x64

10

2025-03-30...er.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2025-03-30_43f2253c5727c196699ef13b665edf23_cobalt-strike_sliver

  • Size

    6.0MB

  • Sample

    250330-3ph5ys1mt8

  • MD5

    43f2253c5727c196699ef13b665edf23

  • SHA1

    2801e06c7cc5aa47344775cdceff3da4abc68ff2

  • SHA256

    feff8d068eb3ab1c5d01252f2ff4180cc93bca08cedc656fe18e098e2f3ac351

  • SHA512

    b3915298b4694d90b4d52d0c02daca2e784ce6b2c2c5aa9235d910dc38ca02d828089025477eae4a7e40a14bc82d67dab9eb3e1b39db330141a5b39cadc32aa7

  • SSDEEP

    98304:F8ikdaFvv4+thwLWy7t3oM3bAf1ynL6EqfGX3NLzvLIMpkdwE+TJKTeZBA0:Sik+nTwCeN3mjE7tLzzpeuJKTC7

Score
10/10
redlinevidar1336e25245bfd82f1b9026dcc4de63372discoveryinfostealerstealer

Malware Config

Extracted

Family

redline

Botnet

1

C2

176.113.115.220:80

Attributes
  • auth_value

    b6c86adb7106e9ee7247628f59e06830

Extracted

Family

vidar

Version

2.9

Botnet

336e25245bfd82f1b9026dcc4de63372

C2

https://t.me/nemesisgrow

https://steamcommunity.com/profiles/76561199471222742

http://65.109.12.165:80
Attributes
  • profile_id_v2

    336e25245bfd82f1b9026dcc4de63372

  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.2 Safari/605.1.15

Targets

    • Target

      2025-03-30_43f2253c5727c196699ef13b665edf23_cobalt-strike_sliver

    • Size

      6.0MB

    • MD5

      43f2253c5727c196699ef13b665edf23

    • SHA1

      2801e06c7cc5aa47344775cdceff3da4abc68ff2

    • SHA256

      feff8d068eb3ab1c5d01252f2ff4180cc93bca08cedc656fe18e098e2f3ac351

    • SHA512

      b3915298b4694d90b4d52d0c02daca2e784ce6b2c2c5aa9235d910dc38ca02d828089025477eae4a7e40a14bc82d67dab9eb3e1b39db330141a5b39cadc32aa7

    • SSDEEP

      98304:F8ikdaFvv4+thwLWy7t3oM3bAf1ynL6EqfGX3NLzvLIMpkdwE+TJKTeZBA0:Sik+nTwCeN3mjE7tLzzpeuJKTC7

    Score
    10/10
    redlinevidardiscoveryinfostealerstealer1336e25245bfd82f1b9026dcc4de63372

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Redline family

      redline

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Vidar family

      vidar

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks