General

  • Target: Sony Vegas crack.zip
  • Size: 13.1MB
  • Sample: 220807-s4pk6schdp
  • MD5: 21f5d7d3ea692a549001d6eb94cdda94
  • SHA1: 878f9b3e1ec51a372f9c22c98459316e38241162
  • SHA256: 9a4163962ab2a38aca13f1067ecc6c8a53f4ec906bbf4d51f575824ef438dab5
  • SHA512: 5aebd88ed80cf80e635b1dee5964a2cd05e825d2ad46f057e94c2c606e777661a24bdb5c32b00cae990cd4425556e33b73169d10d4d7564fcce3b32ad2e7fbb0

Malware Config

Extracted

  • Family: redline
  • C2: 62.204.41.141:24758
  • Attributes
    • auth_value: 2d8475d5a1e739364f1485cbb6b16870

Targets

    • Target: Sony Vegas crack/Setup.exe
    • Size: 358KB
    • MD5: aaf3cdffc8c576e2de1cf8629e4f4864
    • SHA1: dda89a732e9de1af7742c54c5474eaa56250654e
    • SHA256: 0ae5776317f4c8b71b190fbe5eec5a4f6709dab871635e5dbef4dbc06e9209a7
    • SHA512: 6071528a51bae6e3d62fd617613d056c69bbd17c222630bbf22e06fb8b457bfcddd65fc528462d9920a476efb2f5addcf574f038540a9ac3436143e57497bc5f

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • YTStealer: YTStealer is a malware designed to steal YouTube authentication cookies.
    • YTStealer payload
    • Downloads MZ/PE file
    • Executes dropped EXE
    • UPX packed file: Detects executables packed with UPX/modified UPX open source packer.
    • Loads dropped DLL
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Suspicious use of SetThreadContext
