General
-
Target
BOT_SETUP2022.zip
-
Size
5.5MB
-
Sample
221013-t1ahhsdbfm
-
MD5
7784749a0d183ec7755a5f59f4db29d5
-
SHA1
878fe168bd15fd58f5c6761f829910aacccb02cf
-
SHA256
b18726c027ac94cc1086bc0c3ee6c2d5308ca6f76c9f33a59ec5a165fdf55292
-
SHA512
d2e4f79368e2fd85b8aa13d247b8502f8371255648096a08962daf952c1235b0e74eea1a2eb036ce18fba62895804e007475928ff0b0c06833222ffecd8060bd
-
SSDEEP
98304:qblDRM1c8xWFIsZdaLIpDEmxz4XQ++CPsx7ePaVPspiiQG0HQGIAZJj7nFIC7LrF:qxVAc8UnaLacXQ+/PfPaVPspiih0wGIS
Malware Config
Extracted
redline
185.200.191.18:80
-
auth_value
f902a77d89afd7a0dcc0127007a4bb3c
Targets
-
-
Target
BOT_SETUP2022/SETUP.exe
-
Size
5.5MB
-
MD5
ed40898f7e28068cf4b1ced8b502395c
-
SHA1
b148b0033ee8a6d0158ebec162a263b668fa9510
-
SHA256
5d8f2f6b4203e5785450eb6968570e5fd07de1f4627f75416e175ac53b0b9bd7
-
SHA512
566379fab2bb6f71b264ff5381375313b9eb0d0b3a46e89001648c3d38a867124ec970feb3bc4f9963253b885e47021291e1d64457fb89de0d176c2a61c261e2
-
SSDEEP
98304:ESAjmq5KGe4EaQmMKYBoyXdjOHn/R0lrUg1Cd1PYQIRGrPqVg3bEGM07rAWmI+T:ESumoKGNLoKYqyXVOfarUgTQ4GrPUibE
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
YTStealer
YTStealer is a malware designed to steal YouTube authentication cookies.
-
YTStealer payload
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-