General

  • Target

    2025-04-01_a51708de63466fdb8f05fc0b691ad75a_cobalt-strike_sliver

  • Size

    6.0MB

  • Sample

    250401-df4mvsvlv5

  • MD5

    a51708de63466fdb8f05fc0b691ad75a

  • SHA1

    f613ae0d0bc60fcc0a859ae6c91cd5c2c703c8a4

  • SHA256

    81e45e778b09cf6b681cf35fbd61143d2fe21f2c0d4ca2594c59c8fda7108f5b

  • SHA512

    6eb1de1aeb1cde063ab9c8fab0eda2f409bffd517f400e957a63e436ce556e02fdf2f63c19fa4173e0f074885af1cf68e9f51e64f83ba9e3cb2506eacef3579d

  • SSDEEP

    98304:C8iOO/TWUfjFVnFkQAUVzMbompciedNc2uk3ghL1LrRo3YSaG8aD+i73sDW8:Rib/TtfR00Qgbc2uT91HRo3YSaG5+YE

Malware Config

Extracted

  • Family

    redline

  • Botnet

    1

  • C2

    176.113.115.220:80

  • Attributes

    auth_value: b6c86adb7106e9ee7247628f59e06830

Extracted

  • Family

    vidar

  • Version

    2.9

  • Botnet

    ecbd3e734476b8c0e2456480ca5fbef2

  • C2

    https://t.me/nemesisgrow
    https://steamcommunity.com/profiles/76561199471222742
    http://65.109.12.165:80

  • Attributes

    profile_id_v2: ecbd3e734476b8c0e2456480ca5fbef2
    user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.2 Safari/605.1.15

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar family

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext
