General
-
Target
setup.exe
-
Size
4.9MB
-
Sample
220901-qvj8zsgdd3
-
MD5
f282768e11d3b0f9543a4dce4e51d563
-
SHA1
c71b735210380cd0a53db2b4d781cddc5c418fa5
-
SHA256
0af383db909c314a9e69f1266dd8f50b11816a26d3ff26b5b32f0bf8574f410b
-
SHA512
6001628abccb1fc01a5a92fb3e91278b1aefe9b2a05b40d98ed577a4bf9a05ec385d12504874a3be1786b5c7e3a5e42bf89530bb935c83a5d4d2b090d4d57995
-
SSDEEP
98304:iCnkht4Wom20+2hlWDLh88t+IRnBgObfsyzy7seBmhgdOkEWDQPfrSy38km:ibhtgP2hliLXFsyzy7fmMWrSy33m
Malware Config
Extracted
redline
185.200.191.18:80
-
auth_value
8e735c61c3e52e58f4665d971fce8806
Targets
-
-
Target
setup.exe
-
Size
4.9MB
-
MD5
f282768e11d3b0f9543a4dce4e51d563
-
SHA1
c71b735210380cd0a53db2b4d781cddc5c418fa5
-
SHA256
0af383db909c314a9e69f1266dd8f50b11816a26d3ff26b5b32f0bf8574f410b
-
SHA512
6001628abccb1fc01a5a92fb3e91278b1aefe9b2a05b40d98ed577a4bf9a05ec385d12504874a3be1786b5c7e3a5e42bf89530bb935c83a5d4d2b090d4d57995
-
SSDEEP
98304:iCnkht4Wom20+2hlWDLh88t+IRnBgObfsyzy7seBmhgdOkEWDQPfrSy38km:ibhtgP2hliLXFsyzy7fmMWrSy33m
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
YTStealer
YTStealer is a malware designed to steal YouTube authentication cookies.
-
YTStealer payload
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-