General
-
Target
VenomDoge-Iauncher-2.3.1.zip
-
Size
1.1MB
-
Sample
220906-rseq6abeep
-
MD5
aac116f025d4222ac178e569fe7e59bd
-
SHA1
f931d229d1ee8c53b219a2ddea98d856098830aa
-
SHA256
8bc8388cab5318060b5e55d41b9a019b05e4b58eec22109193a6029c87a0f76b
-
SHA512
606077686d19a7c1e55f0349ba8aed7a896fcf8a065b51a90b978034eeeb834ee1d291257b74c9a1f464dd1cd5de1dda0836b865d3468b2e91e33bc8e1a1f5e8
-
SSDEEP
3072:S5u/+7V8Tj+1GDBMs7e3Cj+aICpYzk+/Mi6yOipFHnido/cYy8W1XpOOCL6hT3Ur:MuWuPZDBMsG6+3zkCMik0FHn4o/ITv3I
Malware Config
Extracted
redline
62.204.41.141:24758
-
auth_value
962367a944c68b4d5e3a48a89bd1ae45
Targets
-
-
Target
VenomDoge Iauncher 2.3.1.exe
-
Size
750.0MB
-
MD5
82196f20fd7b2829826672e0a23476e0
-
SHA1
3f900b612681fffe48fac7beb2d64e3feb6d4664
-
SHA256
04e9a17314d47cf40cea3d433167ae939f83cefd08a3baac3eaaef7ea784a7eb
-
SHA512
339cbaf65fb886abd91105c0d8a898b7b9e218ea3eb290b1bb9b1d76696d4b68095f2bc646d5cb043dd94d299ee560dc536b4d05ab1bd949ea09549c07167319
-
SSDEEP
12288:K8MbMoi7K/wkMNDVBYkBFLwHNA2M0bA+0/:KnbNi78MPBXstlMr/
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
YTStealer
YTStealer is a malware designed to steal YouTube authentication cookies.
-
YTStealer payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-