General
-
Target
bdd05b9f4943e47fbd5c563d5d7470d5.exe
-
Size
3.9MB
-
Sample
220820-fgs9mafaeq
-
MD5
bdd05b9f4943e47fbd5c563d5d7470d5
-
SHA1
8c607681070f16579219eccc0add734b5e4adfcb
-
SHA256
25fe81874728f7b962f31c47988989f587fac28ba3b8b3dc126c1eb79f772541
-
SHA512
5816b168dc0953dbacb958459ba089d76b69ff7181f0f52f19efb9ab5d3423067e1e83e9be2e021883d72461af878ef05a8d18961b2f8c0be55d34b4613761f6
-
SSDEEP
98304:QAtfpsTFcCLzXLmqspNhTCp3ipLT7hdL44fU/rwisMTffoiIMhvLgegphsuvspS:QMsFcY3mqSxCp3ipLnhK428iTfg3wvUz
Malware Config
Extracted
redline
185.215.113.69:15544
-
auth_value
fb4317bf0c3365222a03787673dee218
Targets
-
-
Target
bdd05b9f4943e47fbd5c563d5d7470d5.exe
-
Size
3.9MB
-
MD5
bdd05b9f4943e47fbd5c563d5d7470d5
-
SHA1
8c607681070f16579219eccc0add734b5e4adfcb
-
SHA256
25fe81874728f7b962f31c47988989f587fac28ba3b8b3dc126c1eb79f772541
-
SHA512
5816b168dc0953dbacb958459ba089d76b69ff7181f0f52f19efb9ab5d3423067e1e83e9be2e021883d72461af878ef05a8d18961b2f8c0be55d34b4613761f6
-
SSDEEP
98304:QAtfpsTFcCLzXLmqspNhTCp3ipLT7hdL44fU/rwisMTffoiIMhvLgegphsuvspS:QMsFcY3mqSxCp3ipLnhK428iTfg3wvUz
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
YTStealer
YTStealer is a malware designed to steal YouTube authentication cookies.
-
YTStealer payload
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
XMRig Miner payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-