General
-
Target
5DDFCF4815E94C48F1031CED6E010868.fil
-
Size
4.6MB
-
Sample
220916-zjh18acder
-
MD5
5ddfcf4815e94c48f1031ced6e010868
-
SHA1
a4e2383b7ef2b19279dab80c1393fa0bf49bd160
-
SHA256
8d73bdbb7100a3189c890f3c579c245bd19c75f5ace2aee9bb0fb3a11072f48d
-
SHA512
828dc460f0961fc0a6e503aca6089b41ad64ed3cd20c7bdf31d390f25b889cb03ca244ab76ac7da4934a74e793055576b11505528e32a0f20ca41186782fe888
-
SSDEEP
98304:EupPsMZmR207JGQUs0tYapHunTkOr8hGRWtg6hYemraATFotYuoz:Euplmk00psYAkOr6tgECXTGeuI
Malware Config
Extracted
redline
45.138.74.121:80
-
auth_value
b9baf351bc89181c836a21fda4084a03
Targets
-
-
Target
5DDFCF4815E94C48F1031CED6E010868.fil
-
Size
4.6MB
-
MD5
5ddfcf4815e94c48f1031ced6e010868
-
SHA1
a4e2383b7ef2b19279dab80c1393fa0bf49bd160
-
SHA256
8d73bdbb7100a3189c890f3c579c245bd19c75f5ace2aee9bb0fb3a11072f48d
-
SHA512
828dc460f0961fc0a6e503aca6089b41ad64ed3cd20c7bdf31d390f25b889cb03ca244ab76ac7da4934a74e793055576b11505528e32a0f20ca41186782fe888
-
SSDEEP
98304:EupPsMZmR207JGQUs0tYapHunTkOr8hGRWtg6hYemraATFotYuoz:Euplmk00psYAkOr6tgECXTGeuI
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
YTStealer
YTStealer is a malware designed to steal YouTube authentication cookies.
-
YTStealer payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-