General
-
Target
https://e.pcloud.link/publink/show?code=uaxotalK#returl=https%3A//e.pcloud.link/publink/show%3Fcode%3DuaxotalK&page=login
-
Sample
220828-v4mgxscdeq
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://e.pcloud.link/publink/show?code=uaxotalK#returl=https%3A//e.pcloud.link/publink/show%3Fcode%3DuaxotalK&page=login
Resource
win10v2004-20220812-en
windows10-2004-x64
23 signatures
600 seconds
Malware Config
Extracted
Family
redline
Botnet
UBICA
C2
185.106.92.228:24221
Attributes
-
auth_value
afd407459196c3a8a7e543e47f442445
Targets
-
-
Target
https://e.pcloud.link/publink/show?code=uaxotalK#returl=https%3A//e.pcloud.link/publink/show%3Fcode%3DuaxotalK&page=login
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
YTStealer payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-