redline | f0dbbe935cec210dac60dce37999c540573cbe6da411e742e5f30dc3beb5a532 | Triage

Submit
Reports

Overview

overview

Static

static

winprofile

windows7-x64

3

winprofile

windows10-1703-x64

Sharing

General

Target

f0dbbe935cec210dac60dce37999c540573cbe6da411e742e5f30dc3beb5a532
Size

467KB
Sample

220824-2zrpeacbhj
MD5

a631cd1c9b9335eee6aa5e39223e6c85
SHA1

6d7b9b109deeec214c0aee463280fb385d0ba6b4
SHA256

f0dbbe935cec210dac60dce37999c540573cbe6da411e742e5f30dc3beb5a532
SHA512

5d8e4a5c837dbe88912f2036b679df3411099e52fce7e095d2e35738a4d9f1c32d5ffa7925f8348a8c4ddc55ef583a196f1ea13add131f19d0c1fa762be38f1c
SSDEEP

12288:cU8tvvt1OS0tAbvHL7wWZwCeqzcMQV0pFY:cFWALrsLC3zRLY

Score

10^/10

redline ytstealer a3 discovery infostealer spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

f0dbbe935cec210dac60dce37999c540573cbe6da411e742e5f30dc3beb5a532.exe

Resource

win7-20220812-en

windows7-x64

2 signatures

300 seconds

Behavioral task

behavioral2

Sample

f0dbbe935cec210dac60dce37999c540573cbe6da411e742e5f30dc3beb5a532.exe

Resource

win10-20220812-en

redline ytstealer a3 discovery infostealer spyware stealer upx

windows10-1703-x64

16 signatures

300 seconds

Malware Config

Extracted

Family

redline

Botnet

a3

C2

65.21.133.231:47430

Attributes

auth_value
6171b64699d91ea058ba94185cb8acbb

Targets

- Target
  
  f0dbbe935cec210dac60dce37999c540573cbe6da411e742e5f30dc3beb5a532
- Size
  
  467KB
- MD5
  
  a631cd1c9b9335eee6aa5e39223e6c85
- SHA1
  
  6d7b9b109deeec214c0aee463280fb385d0ba6b4
- SHA256
  
  f0dbbe935cec210dac60dce37999c540573cbe6da411e742e5f30dc3beb5a532
- SHA512
  
  5d8e4a5c837dbe88912f2036b679df3411099e52fce7e095d2e35738a4d9f1c32d5ffa7925f8348a8c4ddc55ef583a196f1ea13add131f19d0c1fa762be38f1c
- SSDEEP
  
  12288:cU8tvvt1OS0tAbvHL7wWZwCeqzcMQV0pFY:cFWALrsLC3zRLY
Score

10^/10

redline ytstealer a3 discovery infostealer spyware stealer upx
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- YTStealer
  YTStealer is a malware designed to steal YouTube authentication cookies.
  stealer ytstealer
- YTStealer payload
- Downloads MZ/PE file
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

redlineytstealera3discoveryinfostealerspywarestealerupx

© 2018-2024

Terms | Privacy