redline | 1a7c9d8e7b948a22d8f4fe7e5b104261b2c0dde0ae7e956abb0891b6e02d55cf | Triage

Submit
Reports

Overview

overview

Static

static

winprofile

windows7-x64

winprofile

windows10-1703-x64

Sharing

General

Target

1a7c9d8e7b948a22d8f4fe7e5b104261b2c0dde0ae7e956abb0891b6e02d55cf
Size

191KB
Sample

220809-169m5ahbam
MD5

9a06d23974e9cf0cb052aef8aead3c6e
SHA1

5d61cd43b5be3dcb2f41898c91f336d043ba35a9
SHA256

1a7c9d8e7b948a22d8f4fe7e5b104261b2c0dde0ae7e956abb0891b6e02d55cf
SHA512

3cd8f08bdb5fbcdabbb23a4e06784816398895957d7efc991fe5955d2ce814b2f5bcba91101c357710de65bfaa99aa28fbfafb2b12a192e3f45a6c77c8f75266

Score

10^/10

redline ytstealer after8 infostealer spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

1a7c9d8e7b948a22d8f4fe7e5b104261b2c0dde0ae7e956abb0891b6e02d55cf.exe

Resource

win7-20220715-en

redline ytstealer after8 infostealer spyware stealer upx

windows7-x64

16 signatures

300 seconds

Behavioral task

behavioral2

Sample

1a7c9d8e7b948a22d8f4fe7e5b104261b2c0dde0ae7e956abb0891b6e02d55cf.exe

Resource

win10-20220718-en

redline after8 infostealer spyware

windows10-1703-x64

8 signatures

300 seconds

Malware Config

Extracted

Family

redline

Botnet

after8

C2

185.106.92.56:48079

Attributes

auth_value
cac85741280bc7db83835e5a0ca51c93

Targets

- Target
  
  1a7c9d8e7b948a22d8f4fe7e5b104261b2c0dde0ae7e956abb0891b6e02d55cf
- Size
  
  191KB
- MD5
  
  9a06d23974e9cf0cb052aef8aead3c6e
- SHA1
  
  5d61cd43b5be3dcb2f41898c91f336d043ba35a9
- SHA256
  
  1a7c9d8e7b948a22d8f4fe7e5b104261b2c0dde0ae7e956abb0891b6e02d55cf
- SHA512
  
  3cd8f08bdb5fbcdabbb23a4e06784816398895957d7efc991fe5955d2ce814b2f5bcba91101c357710de65bfaa99aa28fbfafb2b12a192e3f45a6c77c8f75266
Score

10^/10

redline ytstealer after8 infostealer spyware stealer upx
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- YTStealer
  YTStealer is a malware designed to steal YouTube authentication cookies.
  stealer ytstealer
- YTStealer payload
- Downloads MZ/PE file
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Web Service

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

redlineytstealerafter8infostealerspywarestealerupx

behavioral2

redlineafter8infostealerspyware

© 2018-2024

Terms | Privacy