General

  • Target

    qqq.exe

  • Size

    841KB

  • Sample

    221018-1wzeeadhe8

  • MD5

    79a24a331ec7b5d3b1cf688cc64d995a

  • SHA1

    bbd5cf02858f30b4bb329b0a12c4d844656d11f3

  • SHA256

    3d568dc9ee07bf5ebe9314d2aea822b1bf4de89110e7c027e151bde134b35ba5

  • SHA512

    2e68f0549682f70fa692ba5f69fbcc458da4726cf965f70331318408d1e5307dc08a33ba5798a3d4c521b2cc0c7da36f041a6547bc2c80e09936cb8f4aadb546

  • SSDEEP

    24576:AFejHjpj47GLpGLMMMHMMMvMMZMMMKzbKXOMMHMMMvMMZMMMKzbKX7GLMMMHMMM3:AEjDpj4qMMHMMMvMMZMMMFOMMHMMMvMf

Malware Config

Extracted

Family

redline

Botnet

Crypt_Cryptex_V1

C2

194.36.177.60:81

Attributes

  • auth_value

    d8f662f9a9589a3ffdce7a16109ab9b7

Targets

    • Target

      qqq.exe

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • YTStealer

      YTStealer is malware designed to steal YouTube authentication cookies.

    • YTStealer payload

    • Downloads MZ/PE file

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar sensitive information.

    • Uses the VBS compiler for execution

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks