redline | 47a5d4fee227db598a8eb2ee7b4aa3f5ed3ecc7c6d59e2e2998a2b696854af55 | Triage

Submit
Reports

Overview

overview

Static

static

SYNAPSE X ...se.exe

windows10-1703-x64

Resubmissions

26-08-2022 19:38

220826-ycff3shgb3 10

26-08-2022 19:35

220826-yam35shfh8 7

Sharing

General

Target

SYNAPSE_X_CRACKED.rar
Size

4.5MB
Sample

220826-ycff3shgb3
MD5

06c53377fc35c61d74f7a05afabf0558
SHA1

823da3b7dcc9d4221012102af0c006d616745d67
SHA256

47a5d4fee227db598a8eb2ee7b4aa3f5ed3ecc7c6d59e2e2998a2b696854af55
SHA512

666f4b8f6b58ee834bb73468d7a5be13a10682bc5d950f73a7852c5a9928e175b941503c8e356071d2b2b5f833c2eab48e55061f5187de06fa713efa80163ca3
SSDEEP

98304:SX/EjfagrmF6hJdz6XqVHy1E+PF2dK+OS+PU5/6dRaJuKY:4S7yF6AXcy1p89+PmpnY

Score

10^/10

redline ytstealer infostealer spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

SYNAPSE X CRACKED/SYNAPSE X CRACKED/RobloxSynapse.exe

Resource

win10-20220812-en

redline ytstealer infostealer spyware stealer upx

windows10-1703-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

redline

C2

185.200.191.18:80

Attributes

auth_value
81be690af280fd9c9e7c951600742654

Targets

- Target
  
  SYNAPSE X CRACKED/SYNAPSE X CRACKED/RobloxSynapse.exe
- Size
  
  700.0MB
- MD5
  
  99709192d1df7d5f7d8e583472818007
- SHA1
  
  2914457c90f0a89c1ccbbdd96157907214e4b1fb
- SHA256
  
  e6120b4444738b23157d1476615c68a719cb22017e3e48ee794003d162a4ed20
- SHA512
  
  a416d828c81726a0842f85410c4bc3e0d516671c2284a30c82dc68fbe9375fab7d23cca6efcb4cd4077af910ae3843fe0b08ad31b0a87e0e6c9753fb1903257b
- SSDEEP
  
  49152:C7G9SRPCkd/OJLDPXissDMRT6FacYKfQWNpGW78O+siqTDpQ:C7G0Nt42DCT6HYKSZqTG
Score

10^/10

redline ytstealer infostealer spyware stealer upx
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- YTStealer
  YTStealer is a malware designed to steal YouTube authentication cookies.
  stealer ytstealer
- YTStealer payload
- Downloads MZ/PE file
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineytstealerinfostealerspywarestealerupx

© 2018-2024

Terms | Privacy