redline | b18726c027ac94cc1086bc0c3ee6c2d5308ca6f76c9f33a59ec5a165fdf55292 | Triage

Submit
Reports

Overview

overview

Static

static

BOT_SETUP2...UP.exe

windows7-x64

BOT_SETUP2...UP.exe

windows10-2004-x64

Sharing

General

Target

BOT_SETUP2022.zip
Size

5.5MB
Sample

221013-t1ahhsdbfm
MD5

7784749a0d183ec7755a5f59f4db29d5
SHA1

878fe168bd15fd58f5c6761f829910aacccb02cf
SHA256

b18726c027ac94cc1086bc0c3ee6c2d5308ca6f76c9f33a59ec5a165fdf55292
SHA512

d2e4f79368e2fd85b8aa13d247b8502f8371255648096a08962daf952c1235b0e74eea1a2eb036ce18fba62895804e007475928ff0b0c06833222ffecd8060bd
SSDEEP

98304:qblDRM1c8xWFIsZdaLIpDEmxz4XQ++CPsx7ePaVPspiiQG0HQGIAZJj7nFIC7LrF:qxVAc8UnaLacXQ+/PfPaVPspiih0wGIS

Score

10^/10

redline ytstealer infostealer spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

BOT_SETUP2022/SETUP.exe

Resource

win7-20220812-en

redline ytstealer infostealer stealer upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

BOT_SETUP2022/SETUP.exe

Resource

win10v2004-20220901-en

redline ytstealer infostealer spyware stealer upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

redline

C2

185.200.191.18:80

Attributes

auth_value
f902a77d89afd7a0dcc0127007a4bb3c

Targets

- Target
  
  BOT_SETUP2022/SETUP.exe
- Size
  
  5.5MB
- MD5
  
  ed40898f7e28068cf4b1ced8b502395c
- SHA1
  
  b148b0033ee8a6d0158ebec162a263b668fa9510
- SHA256
  
  5d8f2f6b4203e5785450eb6968570e5fd07de1f4627f75416e175ac53b0b9bd7
- SHA512
  
  566379fab2bb6f71b264ff5381375313b9eb0d0b3a46e89001648c3d38a867124ec970feb3bc4f9963253b885e47021291e1d64457fb89de0d176c2a61c261e2
- SSDEEP
  
  98304:ESAjmq5KGe4EaQmMKYBoyXdjOHn/R0lrUg1Cd1PYQIRGrPqVg3bEGM07rAWmI+T:ESumoKGNLoKYqyXVOfarUgTQ4GrPUibE
Score

10^/10

redline ytstealer infostealer stealer upx spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- YTStealer
  YTStealer is a malware designed to steal YouTube authentication cookies.
  stealer ytstealer
- YTStealer payload
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineytstealerinfostealerstealerupx

behavioral2

redlineytstealerinfostealerspywarestealerupx

© 2018-2024

Terms | Privacy