redline

General

Target

e6e43272252f7ee744283f11acd234f7.exe
Size

3.9MB
Sample

220813-gx7bvsghf7
MD5

e6e43272252f7ee744283f11acd234f7
SHA1

bfa1f8be1c7153c4dc6eb0f2a8b4c7c0f2d7dd8b
SHA256

371f3bb20387dd610cb119b4cc54dfd2ca3bcad5c97b1cc1c608f340a6486d16
SHA512

c67af7163f323e7a7eff882e550674d3e6cae7cb98b4e0f94ae6bb8da037e085498148250b34c510c76756ae4bb5da4159d52f981764a1ee6128ddef414b69e3

Score

10^/10

Malware Config

Extracted

Family

redline

C2

185.215.113.23:15912

Attributes

auth_value
2e05da16ff667c8d53d0673cd5b4e948

Targets

- Target
  
  e6e43272252f7ee744283f11acd234f7.exe
- Size
  
  3.9MB
- MD5
  
  e6e43272252f7ee744283f11acd234f7
- SHA1
  
  bfa1f8be1c7153c4dc6eb0f2a8b4c7c0f2d7dd8b
- SHA256
  
  371f3bb20387dd610cb119b4cc54dfd2ca3bcad5c97b1cc1c608f340a6486d16
- SHA512
  
  c67af7163f323e7a7eff882e550674d3e6cae7cb98b4e0f94ae6bb8da037e085498148250b34c510c76756ae4bb5da4159d52f981764a1ee6128ddef414b69e3
Score

10^/10

redline ytstealer infostealer spyware stealer upx
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- YTStealer
  YTStealer is a malware designed to steal YouTube authentication cookies.
  stealer ytstealer
- YTStealer payload
- Downloads MZ/PE file
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2

T1081

Discovery

Lateral Movement

Collection

Data from Local System

2

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

RedLine payload

YTStealer

YTStealer payload

Downloads MZ/PE file

Executes dropped EXE

UPX packed file

Loads dropped DLL

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2