redline

General

Target

bcbd2fe43df8ff15d3e4503438a54951.exe
Size

3.9MB
Sample

220813-gyq19sghg9
MD5

bcbd2fe43df8ff15d3e4503438a54951
SHA1

2c3848c520573916606777df889ab7e0f9a84ea3
SHA256

dde8987c6126117794a9922ce253a735bd113100a8e56412b518bd9349e70d83
SHA512

b72ee7273a6869b0f90b35a6e944c2c92030d3a219504e70ceaa843b592ef97331cc621c4bf0aca2daa78017b94a0402211c7d2f0becca7926ee97c30be3959d

Score

10^/10

Malware Config

Extracted

Family

redline

C2

185.215.113.83:60722

Attributes

auth_value
a1b687bd55ee0ce016df2e017a162814

Targets

- Target
  
  bcbd2fe43df8ff15d3e4503438a54951.exe
- Size
  
  3.9MB
- MD5
  
  bcbd2fe43df8ff15d3e4503438a54951
- SHA1
  
  2c3848c520573916606777df889ab7e0f9a84ea3
- SHA256
  
  dde8987c6126117794a9922ce253a735bd113100a8e56412b518bd9349e70d83
- SHA512
  
  b72ee7273a6869b0f90b35a6e944c2c92030d3a219504e70ceaa843b592ef97331cc621c4bf0aca2daa78017b94a0402211c7d2f0becca7926ee97c30be3959d
Score

10^/10

redline ytstealer infostealer spyware stealer upx
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- YTStealer
  YTStealer is a malware designed to steal YouTube authentication cookies.
  stealer ytstealer
- YTStealer payload
- Downloads MZ/PE file
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2

T1081

Discovery

Lateral Movement

Collection

Data from Local System

2

T1005

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

RedLine payload

YTStealer

YTStealer payload

Downloads MZ/PE file

Executes dropped EXE

UPX packed file

Loads dropped DLL

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2