redline | e2b835bdb5ab7558876936d5334028654507afd40176244ccd367d56b5c2d45d | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

e2b835bdb5ab7558876936d5334028654507afd40176244ccd367d56b5c2d45d
Size

4.5MB
Sample

220831-mme3hseeg8
MD5

42b6ddf282a3cafbd3b9938b9242ca2f
SHA1

1dc9c7b02cae370032b04aff89f87880e09130dc
SHA256

e2b835bdb5ab7558876936d5334028654507afd40176244ccd367d56b5c2d45d
SHA512

b87b81d2e7e44031a68740aa391dfca93121adfdb2a9bad055c5f7f0e9bc615e4814f6efea011c9b04a7d15952a42a082c62be2ba02f582af8831cfbab5c552a
SSDEEP

98304:Ed7q/35VJNaUM9LC65bKPGFNW9d50IXDvPyakR3Iauu:Em35PNat9G6lKPu40ePya9auu

Score

10^/10

redline ytstealer infostealer spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

e2b835bdb5ab7558876936d5334028654507afd40176244ccd367d56b5c2d45d.exe

Resource

win10-20220812-en

redline ytstealer infostealer spyware stealer upx

windows10-1703-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

redline

C2

185.200.191.18:80

Attributes

auth_value
81be690af280fd9c9e7c951600742654

Targets

- Target
  
  e2b835bdb5ab7558876936d5334028654507afd40176244ccd367d56b5c2d45d
- Size
  
  4.5MB
- MD5
  
  42b6ddf282a3cafbd3b9938b9242ca2f
- SHA1
  
  1dc9c7b02cae370032b04aff89f87880e09130dc
- SHA256
  
  e2b835bdb5ab7558876936d5334028654507afd40176244ccd367d56b5c2d45d
- SHA512
  
  b87b81d2e7e44031a68740aa391dfca93121adfdb2a9bad055c5f7f0e9bc615e4814f6efea011c9b04a7d15952a42a082c62be2ba02f582af8831cfbab5c552a
- SSDEEP
  
  98304:Ed7q/35VJNaUM9LC65bKPGFNW9d50IXDvPyakR3Iauu:Em35PNat9G6lKPu40ePya9auu
Score

10^/10

redline ytstealer infostealer spyware stealer upx
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- YTStealer
  YTStealer is a malware designed to steal YouTube authentication cookies.
  stealer ytstealer
- YTStealer payload
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineytstealerinfostealerspywarestealerupx

© 2018-2024

Terms | Privacy