Overview

overview

10

Static

static

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    AAFFD1B06AD080670E8CF627C0F0C4E961A8BE4FEFCC0910A30D726855669234

  • Size

    2.5MB

  • Sample

    220812-btyyesehgk

  • MD5

    124d1f6dad8e6dd823ab9c96cab8f113

  • SHA1

    717bfa0241abfa8fa744e16f80d6fde99ad0b243

  • SHA256

    aaffd1b06ad080670e8cf627c0f0c4e961a8be4fefcc0910a30d726855669234

  • SHA512

    7050d5073df91855ee7c5ec60de48861cac5e2bd6cb9beb26a7bdccc967ea35cf70f91a37aae2a794fd4d83613b0d23dfabbe3cbd67b889881d9c423ab2d8772

Score
10/10
redlineytstealerinfostealerspywarestealerupx

Malware Config

Extracted

Family

redline

C2

185.215.113.83:60722

Attributes
  • auth_value

    ee9d4f10e44838ce0db5ea42cecb58a9

Targets

    • Target

      AAFFD1B06AD080670E8CF627C0F0C4E961A8BE4FEFCC0910A30D726855669234

    • Size

      2.5MB

    • MD5

      124d1f6dad8e6dd823ab9c96cab8f113

    • SHA1

      717bfa0241abfa8fa744e16f80d6fde99ad0b243

    • SHA256

      aaffd1b06ad080670e8cf627c0f0c4e961a8be4fefcc0910a30d726855669234

    • SHA512

      7050d5073df91855ee7c5ec60de48861cac5e2bd6cb9beb26a7bdccc967ea35cf70f91a37aae2a794fd4d83613b0d23dfabbe3cbd67b889881d9c423ab2d8772

    Score
    10/10
    redlineytstealerinfostealerspywarestealerupx

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • YTStealer

      YTStealer is a malware designed to steal YouTube authentication cookies.

      stealerytstealer

    • YTStealer payload

    • Downloads MZ/PE file

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks