General
-
Target
077081409292056cd64db1b59d87aa20.exe
-
Size
3.9MB
-
Sample
220813-gyq19sghh2
-
MD5
077081409292056cd64db1b59d87aa20
-
SHA1
0d1355049116892ff50f51644713e191cab962a9
-
SHA256
b96e04e692837a4e53e4afeabdf02113d2a02831a0d31a0a4a4554d4fcedb58a
-
SHA512
17b1a80db9e557c5241307ddb169ba27e2befacfac81e9e39085197cc02c0c04c0760b67d54deb743619f74353193e83c243ad3f583a6d9dc07d62988533acde
Malware Config
Extracted
redline
193.106.191.160:8673
-
auth_value
f851075e7177a68d1405b67a1fdef844
Targets
-
-
Target
077081409292056cd64db1b59d87aa20.exe
-
Size
3.9MB
-
MD5
077081409292056cd64db1b59d87aa20
-
SHA1
0d1355049116892ff50f51644713e191cab962a9
-
SHA256
b96e04e692837a4e53e4afeabdf02113d2a02831a0d31a0a4a4554d4fcedb58a
-
SHA512
17b1a80db9e557c5241307ddb169ba27e2befacfac81e9e39085197cc02c0c04c0760b67d54deb743619f74353193e83c243ad3f583a6d9dc07d62988533acde
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
YTStealer
YTStealer is a malware designed to steal YouTube authentication cookies.
-
YTStealer payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-