Overview

overview

10

Static

static

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    B496D857BBBEF7E54FB21211543F3773D0217531F45E5AE8F781A6A2105BD9CE

  • Size

    2.5MB

  • Sample

    220812-bwfjvshde3

  • MD5

    7e14b59e3e02f958d30d433d049ba87f

  • SHA1

    56654f6eef3439ee707338b67fdcfffa371dff6c

  • SHA256

    b496d857bbbef7e54fb21211543f3773d0217531f45e5ae8f781a6a2105bd9ce

  • SHA512

    f600e6ce13bc5f8f510ff3dfaf7bb565adce02132e411e0aafbfe7284b109a46b7eee6be339b8041fdc1d2f0e64e8280611053394cd0c1f3c9166c9c0141242a

Score
10/10
redlineytstealerinfostealerspywarestealerupx

Malware Config

Extracted

Family

redline

C2

185.215.113.83:60722

Attributes
  • auth_value

    d6602ca99e3633ec2776f94702ca62f2

Targets

    • Target

      B496D857BBBEF7E54FB21211543F3773D0217531F45E5AE8F781A6A2105BD9CE

    • Size

      2.5MB

    • MD5

      7e14b59e3e02f958d30d433d049ba87f

    • SHA1

      56654f6eef3439ee707338b67fdcfffa371dff6c

    • SHA256

      b496d857bbbef7e54fb21211543f3773d0217531f45e5ae8f781a6a2105bd9ce

    • SHA512

      f600e6ce13bc5f8f510ff3dfaf7bb565adce02132e411e0aafbfe7284b109a46b7eee6be339b8041fdc1d2f0e64e8280611053394cd0c1f3c9166c9c0141242a

    Score
    10/10
    redlineinfostealerspywareytstealerstealerupx

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • YTStealer

      YTStealer is a malware designed to steal YouTube authentication cookies.

      stealerytstealer

    • YTStealer payload

    • Downloads MZ/PE file

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks