General
-
Target
Kiddions Mod Menu.rar
-
Size
69KB
-
Sample
220730-e2h4qagfek
-
MD5
af0c6563260c6b237c8ae53f4bbd28b3
-
SHA1
39ba05ac011012e91fec3eb3a5976fe90fe0f77e
-
SHA256
8d3dffa923565aa14f55266a10143ae2e258550bc63ef67f9f13c654aaffdbfc
-
SHA512
4f06f929e1294dd87bc18674bcad0ddf3dc012c2df888df183092f5a6a78704106a4724501a65aa508f21d9fa32f9a24b6db83461b5355235f590f2066d0df58
Malware Config
Extracted
redline
193.106.191.160:8673
-
auth_value
9c8dd7353be7ed4b6832da21d8d0d902
Targets
-
-
Target
Kiddions Mod Menu/modest-menu.exe
-
Size
500.1MB
-
MD5
8e3a0566155d6310391de7011d9c3b33
-
SHA1
3a5e635addf62e54ee9c86774a2fac8abc7a4c1b
-
SHA256
7f1a50c3ccef0f5173b87e25b597d9610292f0d956e15f2f31d3d5373adec5c3
-
SHA512
b9686d1be20b0df6bf32de7e46c95e1ecd6f155849eba2b0635799631a3aa264e35276eaae87a0913484628c225c452cd209c84b9f0ea52f01ab2b414dd64b7e
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
YTStealer
YTStealer is a malware designed to steal YouTube authentication cookies.
-
YTStealer payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-