General
-
Target
photoshop.rar
-
Size
18.7MB
-
Sample
220818-q7pz1afcgl
-
MD5
68f59dc2488713f2dc541368fff49f69
-
SHA1
833f085c12529592c45b129da616165c1439ee26
-
SHA256
462524577af8eb243217386c635682108a17f617d22299492310c1a05605c629
-
SHA512
fef1e6fe83a9cee007e105ccfe3ba3a18cce34b426d660136c37d79d3118a2ebea8d3d884a1d6f09d3daa235a03c6bfa214aec32aa8c019c8a4b6ec6ef94bf41
-
SSDEEP
393216:IDmc1WTYaL69ihTFkNPn494P3dIafbZHxmnMIwGxFRiXSQI:Ymc1+tFpFkNwCfDTd0DlxnzQI
Malware Config
Extracted
redline
185.200.191.18:80
-
auth_value
957400b0c8387b1ada235531e7d098ac
Targets
-
-
Target
photoshop.exe
-
Size
4.7MB
-
MD5
53db74cccfa08badc51bbcf2aa9fcbf0
-
SHA1
72eac60ae7d95e17bd4dbf2bc9da1daa802111a7
-
SHA256
7be64a3fd654b4217c6cf82e6de8fa45e30555b58e7422d77ab49da2f6a10a57
-
SHA512
0d7e22f6a766b8c1d5d72c250c59afb2127032f2312efaaad114ffe8bc12edcbb5439735b43250a2319cd5473f42b9b2eba813d1d2c04f10ccdc78a60d02f8d6
-
SSDEEP
98304:EVUbcy6CxW2J3fUnNUun1i5sVfyK0F5fQH7PXddgtod:EVUbjR5J3oTnes9yK0FUPXjyW
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
YTStealer
YTStealer is a malware designed to steal YouTube authentication cookies.
-
YTStealer payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-