General
-
Target
43AF78F2753EDE1F0EDB63228D878BCB0E08EF56FE2CE81BF6B244804B925C61
-
Size
2.4MB
-
Sample
220812-a8rxzsghh4
-
MD5
70b2a3171cbd8898b4bb72865b154383
-
SHA1
e0ef3c4a392202c0cb6b8ddaf74d7b7da3d96e93
-
SHA256
43af78f2753ede1f0edb63228d878bcb0e08ef56fe2ce81bf6b244804b925c61
-
SHA512
a0e9df18e7d0b48640f821f1242fb6ad66013f9a486a1cb0ebf0c5131ed46ac9bdcaf32dd664b92cc72a9c6c718960f465a69c4677e07adbe3f045e594a9c2d5
Malware Config
Extracted
redline
185.215.113.83:60722
-
auth_value
6a762d509b2b364f6321ec8e3f099271
Targets
-
-
Target
43AF78F2753EDE1F0EDB63228D878BCB0E08EF56FE2CE81BF6B244804B925C61
-
Size
2.4MB
-
MD5
70b2a3171cbd8898b4bb72865b154383
-
SHA1
e0ef3c4a392202c0cb6b8ddaf74d7b7da3d96e93
-
SHA256
43af78f2753ede1f0edb63228d878bcb0e08ef56fe2ce81bf6b244804b925c61
-
SHA512
a0e9df18e7d0b48640f821f1242fb6ad66013f9a486a1cb0ebf0c5131ed46ac9bdcaf32dd664b92cc72a9c6c718960f465a69c4677e07adbe3f045e594a9c2d5
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
YTStealer
YTStealer is a malware designed to steal YouTube authentication cookies.
-
YTStealer payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-