redline | 54b9b801e07066fe1769e5f9e1fac7a3271312e00b469ef52f078108d24a4f1d | Triage

Submit
Reports

Overview

overview

Static

static

Fake Bitco...on.exe

windows10-2004-x64

Sharing

General

Target

Fake Bitcoin Transaction.exe
Size

593KB
Sample

220906-qs6n7sagel
MD5

8348bc8878f2d004c9e79b71a3a3e06b
SHA1

1f1f08004124eebf132bbf743b6b70064e3b71f9
SHA256

54b9b801e07066fe1769e5f9e1fac7a3271312e00b469ef52f078108d24a4f1d
SHA512

93509f4ba464497005922347e57133afb6a6ebf274712f01fb3857a15cb57e6744950140ebd6a554ca9afca597641fec41848b62f83686678088d067b798c543
SSDEEP

12288:sQLutGAXqsp8qTqL12eJM4cIwevZQhLv929ZjI9:sMusAXtpTi12eJM4hxZI9

Score

10^/10

redline ytstealer ubivca infostealer spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

Fake Bitcoin Transaction.exe

Resource

win10v2004-20220901-en

redline ytstealer ubivca infostealer spyware stealer upx

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

ubivca

C2

185.106.92.228:24221

Attributes

auth_value
43ba5caf87c83f17aa82312a2b9ec2de

Targets

- Target
  
  Fake Bitcoin Transaction.exe
- Size
  
  593KB
- MD5
  
  8348bc8878f2d004c9e79b71a3a3e06b
- SHA1
  
  1f1f08004124eebf132bbf743b6b70064e3b71f9
- SHA256
  
  54b9b801e07066fe1769e5f9e1fac7a3271312e00b469ef52f078108d24a4f1d
- SHA512
  
  93509f4ba464497005922347e57133afb6a6ebf274712f01fb3857a15cb57e6744950140ebd6a554ca9afca597641fec41848b62f83686678088d067b798c543
- SSDEEP
  
  12288:sQLutGAXqsp8qTqL12eJM4cIwevZQhLv929ZjI9:sMusAXtpTi12eJM4hxZI9
Score

10^/10

redline ytstealer ubivca infostealer spyware stealer upx
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- YTStealer
  YTStealer is a malware designed to steal YouTube authentication cookies.
  stealer ytstealer
- YTStealer payload
- Downloads MZ/PE file
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

redlineytstealerubivcainfostealerspywarestealerupx

© 2018-2025

Terms | Privacy