redline | 0ae70b2fd3eb1c5f9db020f03f183863be0a753ba97921152092e7cd4eed4d38 | Triage

Submit
Reports

Overview

overview

Static

static

winprofile

windows7-x64

winprofile

windows10-1703-x64

Sharing

General

Target

0ae70b2fd3eb1c5f9db020f03f183863be0a753ba97921152092e7cd4eed4d38
Size

139KB
Sample

220820-16hveabhc7
MD5

cd025972c4df727a0fce903a1209c627
SHA1

cc14e518cafcc81c3c44384c491f1ee7634aef37
SHA256

0ae70b2fd3eb1c5f9db020f03f183863be0a753ba97921152092e7cd4eed4d38
SHA512

af2c4ddc79dc98eefa65ccd5aac13918f97fcdb2857b4a344d3ca3e3277579387f13642894a8e561e88c713f3d56965673453e68d7cfb33bbaa9568e2b2dc03d
SSDEEP

3072:TdVerLRIKM5kjqpoT+LZxmVm0rlAZD623ld354jjvNmu:h+FwkO6+6VLrlcld3mjjB

Score

10^/10

redline ytstealer a1 infostealer spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

0ae70b2fd3eb1c5f9db020f03f183863be0a753ba97921152092e7cd4eed4d38.exe

Resource

win7-20220812-en

redline ytstealer a1 infostealer spyware stealer upx

windows7-x64

15 signatures

300 seconds

Behavioral task

behavioral2

Sample

0ae70b2fd3eb1c5f9db020f03f183863be0a753ba97921152092e7cd4eed4d38.exe

Resource

win10-20220812-en

redline ytstealer a1 infostealer spyware stealer upx

windows10-1703-x64

15 signatures

300 seconds

Malware Config

Extracted

Family

redline

Botnet

a1

C2

65.21.133.231:47430

Attributes

auth_value
b7563e1c5afab74eb0301a1cb2907974

Targets

- Target
  
  0ae70b2fd3eb1c5f9db020f03f183863be0a753ba97921152092e7cd4eed4d38
- Size
  
  139KB
- MD5
  
  cd025972c4df727a0fce903a1209c627
- SHA1
  
  cc14e518cafcc81c3c44384c491f1ee7634aef37
- SHA256
  
  0ae70b2fd3eb1c5f9db020f03f183863be0a753ba97921152092e7cd4eed4d38
- SHA512
  
  af2c4ddc79dc98eefa65ccd5aac13918f97fcdb2857b4a344d3ca3e3277579387f13642894a8e561e88c713f3d56965673453e68d7cfb33bbaa9568e2b2dc03d
- SSDEEP
  
  3072:TdVerLRIKM5kjqpoT+LZxmVm0rlAZD623ld354jjvNmu:h+FwkO6+6VLrlcld3mjjB
Score

10^/10

redline ytstealer a1 infostealer spyware stealer upx
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- YTStealer
  YTStealer is a malware designed to steal YouTube authentication cookies.
  stealer ytstealer
- YTStealer payload
- Downloads MZ/PE file
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

redlineytstealera1infostealerspywarestealerupx

behavioral2

redlineytstealera1infostealerspywarestealerupx

© 2018-2024

Terms | Privacy