Overview

overview

10

Static

static

VenomDoge ....1.exe

windows7-x64

10

VenomDoge ....1.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    VenomDoge-Iauncher-2.3.1.zip

  • Size

    1.1MB

  • Sample

    220906-rseq6abeep

  • MD5

    aac116f025d4222ac178e569fe7e59bd

  • SHA1

    f931d229d1ee8c53b219a2ddea98d856098830aa

  • SHA256

    8bc8388cab5318060b5e55d41b9a019b05e4b58eec22109193a6029c87a0f76b

  • SHA512

    606077686d19a7c1e55f0349ba8aed7a896fcf8a065b51a90b978034eeeb834ee1d291257b74c9a1f464dd1cd5de1dda0836b865d3468b2e91e33bc8e1a1f5e8

  • SSDEEP

    3072:S5u/+7V8Tj+1GDBMs7e3Cj+aICpYzk+/Mi6yOipFHnido/cYy8W1XpOOCL6hT3Ur:MuWuPZDBMsG6+3zkCMik0FHn4o/ITv3I

Score
10/10
redlineytstealerinfostealerspywarestealerupx

Malware Config

Extracted

Family

redline

C2

62.204.41.141:24758

Attributes
  • auth_value

    962367a944c68b4d5e3a48a89bd1ae45

Targets

    • Target

      VenomDoge Iauncher 2.3.1.exe

    • Size

      750.0MB

    • MD5

      82196f20fd7b2829826672e0a23476e0

    • SHA1

      3f900b612681fffe48fac7beb2d64e3feb6d4664

    • SHA256

      04e9a17314d47cf40cea3d433167ae939f83cefd08a3baac3eaaef7ea784a7eb

    • SHA512

      339cbaf65fb886abd91105c0d8a898b7b9e218ea3eb290b1bb9b1d76696d4b68095f2bc646d5cb043dd94d299ee560dc536b4d05ab1bd949ea09549c07167319

    • SSDEEP

      12288:K8MbMoi7K/wkMNDVBYkBFLwHNA2M0bA+0/:KnbNi78MPBXstlMr/

    Score
    10/10
    redlineinfostealerspywareytstealerstealerupx

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • YTStealer

      YTStealer is a malware designed to steal YouTube authentication cookies.

      stealerytstealer

    • YTStealer payload

    • Downloads MZ/PE file

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks