redline

General

Target

2025-03-30_1575293375ede99102b43f2c6c6352b5_cobalt-strike_sliver
Size

6.0MB
Sample

250330-ppgp8syvc1
MD5

1575293375ede99102b43f2c6c6352b5
SHA1

a56e9604c5cfcccc0ed4df813aacc709611cddc4
SHA256

3524fcb8275150f465bca3ccf753a3dc3473d5bd29edf80100ee8135df7e6e97
SHA512

8afedb6e26bef5be584d4fffc626976a3632184b853b9ded3bb34ba5dec8c59bc604572a3ef1630bbf352298394265020c4d75121918636f39f727a2705a69b1
SSDEEP

98304:C8iOO/TWUfjFVnFkQAUVzMbompciedNc2uk3ghL1LrRo3YSaG8aD+i73sDWT:Rib/TtfR00Qgbc2uT91HRo3YSaG5+Y7

Score

10^/10

redline vidar 1 ecbd3e734476b8c0e2456480ca5fbef2 discovery infostealer stealer

Malware Config

Extracted

Family

vidar

Version

2.9

Botnet

ecbd3e734476b8c0e2456480ca5fbef2

C2

https://t.me/nemesisgrow

https://steamcommunity.com/profiles/76561199471222742

http://65.109.12.165:80

Attributes

profile_id_v2
ecbd3e734476b8c0e2456480ca5fbef2
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.2 Safari/605.1.15

Extracted

Family

redline

Botnet

1

C2

176.113.115.220:80

Attributes

auth_value
b6c86adb7106e9ee7247628f59e06830

Targets

- Target
  
  2025-03-30_1575293375ede99102b43f2c6c6352b5_cobalt-strike_sliver
- Size
  
  6.0MB
- MD5
  
  1575293375ede99102b43f2c6c6352b5
- SHA1
  
  a56e9604c5cfcccc0ed4df813aacc709611cddc4
- SHA256
  
  3524fcb8275150f465bca3ccf753a3dc3473d5bd29edf80100ee8135df7e6e97
- SHA512
  
  8afedb6e26bef5be584d4fffc626976a3632184b853b9ded3bb34ba5dec8c59bc604572a3ef1630bbf352298394265020c4d75121918636f39f727a2705a69b1
- SSDEEP
  
  98304:C8iOO/TWUfjFVnFkQAUVzMbompciedNc2uk3ghL1LrRo3YSaG8aD+i73sDWT:Rib/TtfR00Qgbc2uT91HRo3YSaG5+Y7
Score

10^/10

redline vidar discovery infostealer stealer 1 ecbd3e734476b8c0e2456480ca5fbef2
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

1

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

RedLine payload

Redline family

Vidar

Vidar family

Legitimate hosting services abused for malware hosting/C2

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2