Extracted

• • Target

    vvv.exe

  • Size

    241KB

  • MD5

    aca124c45a891c1ef397d8f417321b18

  • SHA1

    df65ba744946b458692d3b9e8a7c751f5ce4905d

  • SHA256

    f8d62ab41ce1346a6b65b18bab3b87d35143ccdcf680628738c22817987efd70

  • SHA512

    979ddbe803c338022650aec8c1c9f90dbb0285e1c1cafcd0c2061bbb4e9ea73b01ecae8ee24da109d943d8a935a26281b595d5aa08e8b47133b12f1094f458d8

  • SSDEEP

    6144:L7OMdwUrnuMego2pbulGRd63fU9U79ltVswVmv/8bD0N:L7OMd1rFslGGc9U7m

  Score

  10^/10

  redlineytstealercrypt_cryptexinfostealerspywarestealerupx

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • YTStealer

    YTStealer is a malware designed to steal YouTube authentication cookies.

    stealerytstealer

  • YTStealer payload

  • Downloads MZ/PE file

  • Executes dropped EXE

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Loads dropped DLL

  • Uses the VBS compiler for execution

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Suspicious use of SetThreadContext

  behavioral1behavioral2