General
-
Target
Loader.exe
-
Size
3.9MB
-
Sample
220810-gm1rbsfgd6
-
MD5
853520ad456c09eefe8ee74bd0347d98
-
SHA1
9cd02b1a635eb026ce5a2ac4097f539fc4a172b2
-
SHA256
82a257f1ae25b44d4e7f6cf5f2fa090167e0eef5eea8c29483bf395915e60f77
-
SHA512
e333dbd3505df34da5a1ff7ef336c60a990f632defe7f3869724d098e9b7c024b8a61d4efd10b373c6f7665d8e8fc1453bf8011627fe87ec6a05d5ccdd1923ff
Malware Config
Extracted
redline
62.204.41.141:24758
-
auth_value
b23dc891e63fa34396c9c6001de146e2
Targets
-
-
Target
Loader.exe
-
Size
3.9MB
-
MD5
853520ad456c09eefe8ee74bd0347d98
-
SHA1
9cd02b1a635eb026ce5a2ac4097f539fc4a172b2
-
SHA256
82a257f1ae25b44d4e7f6cf5f2fa090167e0eef5eea8c29483bf395915e60f77
-
SHA512
e333dbd3505df34da5a1ff7ef336c60a990f632defe7f3869724d098e9b7c024b8a61d4efd10b373c6f7665d8e8fc1453bf8011627fe87ec6a05d5ccdd1923ff
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
YTStealer
YTStealer is a malware designed to steal YouTube authentication cookies.
-
YTStealer payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-