Analysis
-
max time kernel
117s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
30/03/2025, 23:44
General
-
Target
2025-03-30_43f2253c5727c196699ef13b665edf23_cobalt-strike_sliver.exe
-
Size
6.0MB
-
MD5
43f2253c5727c196699ef13b665edf23
-
SHA1
2801e06c7cc5aa47344775cdceff3da4abc68ff2
-
SHA256
feff8d068eb3ab1c5d01252f2ff4180cc93bca08cedc656fe18e098e2f3ac351
-
SHA512
b3915298b4694d90b4d52d0c02daca2e784ce6b2c2c5aa9235d910dc38ca02d828089025477eae4a7e40a14bc82d67dab9eb3e1b39db330141a5b39cadc32aa7
-
SSDEEP
98304:F8ikdaFvv4+thwLWy7t3oM3bAf1ynL6EqfGX3NLzvLIMpkdwE+TJKTeZBA0:Sik+nTwCeN3mjE7tLzzpeuJKTC7
Score
10/10
Malware Config
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Redline family
-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Vidar family
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes
-
C:\Users\Admin\AppData\Local\Temp\2025-03-30_43f2253c5727c196699ef13b665edf23_cobalt-strike_sliver.exe"C:\Users\Admin\AppData\Local\Temp\2025-03-30_43f2253c5727c196699ef13b665edf23_cobalt-strike_sliver.exe"1⤵
- System Location Discovery: System Language Discovery
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
5.0MB