Analysis
-
max time kernel
119s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
30/03/2025, 12:30
General
-
Target
2025-03-30_1575293375ede99102b43f2c6c6352b5_cobalt-strike_sliver.exe
-
Size
6.0MB
-
MD5
1575293375ede99102b43f2c6c6352b5
-
SHA1
a56e9604c5cfcccc0ed4df813aacc709611cddc4
-
SHA256
3524fcb8275150f465bca3ccf753a3dc3473d5bd29edf80100ee8135df7e6e97
-
SHA512
8afedb6e26bef5be584d4fffc626976a3632184b853b9ded3bb34ba5dec8c59bc604572a3ef1630bbf352298394265020c4d75121918636f39f727a2705a69b1
-
SSDEEP
98304:C8iOO/TWUfjFVnFkQAUVzMbompciedNc2uk3ghL1LrRo3YSaG8aD+i73sDWT:Rib/TtfR00Qgbc2uT91HRo3YSaG5+Y7
Score
10/10
Malware Config
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Redline family
-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Vidar family
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes
-
C:\Users\Admin\AppData\Local\Temp\2025-03-30_1575293375ede99102b43f2c6c6352b5_cobalt-strike_sliver.exe"C:\Users\Admin\AppData\Local\Temp\2025-03-30_1575293375ede99102b43f2c6c6352b5_cobalt-strike_sliver.exe"1⤵
- System Location Discovery: System Language Discovery
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
5.0MB