Overview

overview

10

Static

static

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    B59600E131D839BCA09180B6A1624EC0C8ED6A89F7B5F266E00D466A08BBBF50

  • Size

    2.4MB

  • Sample

    220812-bwmm6shde4

  • MD5

    eb787c21d13fea35fdef02a4108a3837

  • SHA1

    e49bdd16b109886c7bec44945dd442b815c85540

  • SHA256

    b59600e131d839bca09180b6a1624ec0c8ed6a89f7b5f266e00d466a08bbbf50

  • SHA512

    612e2428af924cd5f666542ddcc2842fbda8691de6659a9a7ea50f7d28ad11bbbd8a36772f0ab3dca6be86f29876ff6a12cb6e635d9a8788a9d4a50d8891ba64

Score
10/10
redlineytstealerinfostealerspywarestealerupx

Malware Config

Extracted

Family

redline

C2

185.215.113.83:60722

Attributes
  • auth_value

    dd55e2051534eafb87cf91977b6d459b

Targets

    • Target

      B59600E131D839BCA09180B6A1624EC0C8ED6A89F7B5F266E00D466A08BBBF50

    • Size

      2.4MB

    • MD5

      eb787c21d13fea35fdef02a4108a3837

    • SHA1

      e49bdd16b109886c7bec44945dd442b815c85540

    • SHA256

      b59600e131d839bca09180b6a1624ec0c8ed6a89f7b5f266e00d466a08bbbf50

    • SHA512

      612e2428af924cd5f666542ddcc2842fbda8691de6659a9a7ea50f7d28ad11bbbd8a36772f0ab3dca6be86f29876ff6a12cb6e635d9a8788a9d4a50d8891ba64

    Score
    10/10
    redlineinfostealerspywareytstealerstealerupx

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • YTStealer

      YTStealer is a malware designed to steal YouTube authentication cookies.

      stealerytstealer

    • YTStealer payload

    • Downloads MZ/PE file

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks