General
-
Target
Setup.exe
-
Size
2.5MB
-
Sample
220730-ewyl8agfaq
-
MD5
692bb5c0a6be51f599fc7c89b54ed533
-
SHA1
6ecc3892d959822a7a5d4803f665d4407e70dbe1
-
SHA256
158e17bf5074a1e8e04d1f76adb1b19991e8646be719149bc2f3c93300ab544c
-
SHA512
a79cd83a17532ab4bdd458cc4b5c997a57de6d65708bb01bec1e133040ad9870303a259442c9b7e3fffc8c45ea97da07c9f1b802f9361203af4ac28b414f6450
Malware Config
Extracted
redline
193.106.191.160:8673
-
auth_value
6988f8340a66b40e87fa1375bd2f916c
Targets
-
-
Target
Setup.exe
-
Size
2.5MB
-
MD5
692bb5c0a6be51f599fc7c89b54ed533
-
SHA1
6ecc3892d959822a7a5d4803f665d4407e70dbe1
-
SHA256
158e17bf5074a1e8e04d1f76adb1b19991e8646be719149bc2f3c93300ab544c
-
SHA512
a79cd83a17532ab4bdd458cc4b5c997a57de6d65708bb01bec1e133040ad9870303a259442c9b7e3fffc8c45ea97da07c9f1b802f9361203af4ac28b414f6450
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
YTStealer
YTStealer is a malware designed to steal YouTube authentication cookies.
-
YTStealer payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-