Overview

overview

10

Static

static

version_v317.exe

windows7-x64

10

version_v317.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    version_v317.exe

  • Size

    1.2MB

  • Sample

    220911-ay3xhaagg4

  • MD5

    269d8d3d39696517d5c51948a2899be3

  • SHA1

    331a42d387df9b5e6156f70ad79f267d04b34b37

  • SHA256

    8fcb9763b4d3082c9965fde1d5ab7897ecac32ab0e69b871a773f4c807463f91

  • SHA512

    7acee556118e38d8ff242298b542ab8fb2c2b30764ee7cc313bc75c05166a3bfd6dd403a2d520ea109cf5c56f60182a764e8bf56b7b76652c125b7090fb1f300

  • SSDEEP

    24576:WcLtWeOjdpB3qHYYiYNWYaQ7oMLsd/q4z+fsCPQ9MD:WcLtWJjdp1qohcs8lD

Score
10/10
redlineytstealerinfostealerspywarestealerupx

Malware Config

Extracted

Family

redline

C2

62.204.41.141:24758

Attributes
  • auth_value

    773835e0fe3917b4910de7ea8d3efab5

Targets

    • Target

      version_v317.exe

    • Size

      1.2MB

    • MD5

      269d8d3d39696517d5c51948a2899be3

    • SHA1

      331a42d387df9b5e6156f70ad79f267d04b34b37

    • SHA256

      8fcb9763b4d3082c9965fde1d5ab7897ecac32ab0e69b871a773f4c807463f91

    • SHA512

      7acee556118e38d8ff242298b542ab8fb2c2b30764ee7cc313bc75c05166a3bfd6dd403a2d520ea109cf5c56f60182a764e8bf56b7b76652c125b7090fb1f300

    • SSDEEP

      24576:WcLtWeOjdpB3qHYYiYNWYaQ7oMLsd/q4z+fsCPQ9MD:WcLtWJjdp1qohcs8lD

    Score
    10/10
    redlineytstealerinfostealerspywarestealerupx

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • YTStealer

      YTStealer is a malware designed to steal YouTube authentication cookies.

      stealerytstealer

    • YTStealer payload

    • Downloads MZ/PE file

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks