redline | b2418873bcfc63d4028e3ebada93030b77f50841862bf5bd5e3f71fe97f06c0b | Triage

Submit
Reports

Overview

overview

Static

static

winprofile

windows7-x64

winprofile

windows10-1703-x64

Sharing

General

Target

b2418873bcfc63d4028e3ebada93030b77f50841862bf5bd5e3f71fe97f06c0b
Size

2.2MB
Sample

220805-18ycwafebm
MD5

aa34aee3908cbc51054091ebff97354d
SHA1

72073b055a0d9be3e720679886b7404e5a54752e
SHA256

b2418873bcfc63d4028e3ebada93030b77f50841862bf5bd5e3f71fe97f06c0b
SHA512

3981e2f4f934bcaa73171e8d5a221a2dc9c76d5f3fa345eab3ebf53db6f801f12512bafc5f4e7cadd7ea49395c11a3d29eaa0f65edc8123fa0c609b57e267223

Score

10^/10

redline ytstealer s30 infostealer spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

b2418873bcfc63d4028e3ebada93030b77f50841862bf5bd5e3f71fe97f06c0b.exe

Resource

win7-20220715-en

redline ytstealer s30 infostealer spyware stealer upx

windows7-x64

16 signatures

300 seconds

Behavioral task

behavioral2

Sample

b2418873bcfc63d4028e3ebada93030b77f50841862bf5bd5e3f71fe97f06c0b.exe

Resource

win10-20220718-en

redline ytstealer s30 infostealer spyware stealer upx

windows10-1703-x64

15 signatures

300 seconds

Malware Config

Extracted

Family

redline

Botnet

s30

C2

185.106.92.56:48079

Attributes

auth_value
4a6db50203773d46213e05773fa25935

Targets

- Target
  
  b2418873bcfc63d4028e3ebada93030b77f50841862bf5bd5e3f71fe97f06c0b
- Size
  
  2.2MB
- MD5
  
  aa34aee3908cbc51054091ebff97354d
- SHA1
  
  72073b055a0d9be3e720679886b7404e5a54752e
- SHA256
  
  b2418873bcfc63d4028e3ebada93030b77f50841862bf5bd5e3f71fe97f06c0b
- SHA512
  
  3981e2f4f934bcaa73171e8d5a221a2dc9c76d5f3fa345eab3ebf53db6f801f12512bafc5f4e7cadd7ea49395c11a3d29eaa0f65edc8123fa0c609b57e267223
Score

10^/10

redline ytstealer s30 infostealer spyware stealer upx
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- YTStealer
  YTStealer is a malware designed to steal YouTube authentication cookies.
  stealer ytstealer
- YTStealer payload
- Downloads MZ/PE file
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

redlineytstealers30infostealerspywarestealerupx

behavioral2

redlineytstealers30infostealerspywarestealerupx

© 2018-2024

Terms | Privacy