Overview

overview

10

Static

static

Launcher.exe

windows7-x64

10

Launcher.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Launcher.exe

  • Size

    4.6MB

  • Sample

    220817-mmtwnshdb4

  • MD5

    4612516fca7a6fc9c393a76859d89539

  • SHA1

    4d854c616dca1833ee3bb64befb39676a4cd26c3

  • SHA256

    097c24ae162bd92ddfacc1276aada59fa7d058837c359a3f3a37f2ddc763e841

  • SHA512

    700125943a1e7fca1f161c869cf7553e4462bd770763ad49e3ef1591d77ee521ff635b721af241718413442a5ecf3972981579396fd52472e4a5ddcc89b3e290

  • SSDEEP

    98304:PlTHpj34u1p6J3wQ98sNkEqKKe5hJe8FeT:PlZtO3wQ98sNVThJe8s

Score
10/10
redlineytstealerinfostealerspywarestealerupx

Malware Config

Extracted

Family

redline

C2

62.204.41.141:24758

Attributes
  • auth_value

    2c7c599df95f4eb1a36237ba938268a0

Targets

    • Target

      Launcher.exe

    • Size

      4.6MB

    • MD5

      4612516fca7a6fc9c393a76859d89539

    • SHA1

      4d854c616dca1833ee3bb64befb39676a4cd26c3

    • SHA256

      097c24ae162bd92ddfacc1276aada59fa7d058837c359a3f3a37f2ddc763e841

    • SHA512

      700125943a1e7fca1f161c869cf7553e4462bd770763ad49e3ef1591d77ee521ff635b721af241718413442a5ecf3972981579396fd52472e4a5ddcc89b3e290

    • SSDEEP

      98304:PlTHpj34u1p6J3wQ98sNkEqKKe5hJe8FeT:PlZtO3wQ98sNVThJe8s

    Score
    10/10
    redlineytstealerinfostealerspywarestealerupx

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • YTStealer

      YTStealer is a malware designed to steal YouTube authentication cookies.

      stealerytstealer

    • YTStealer payload

    • Downloads MZ/PE file

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks