redline | hxxps://www[.]youtube[.]com/watch?v=z-X9C15iVWs | Triage

Submit
Reports

Overview

overview

Static

static

1

URLScan

urlscan

https://www.youtube....

windows10-2004-x64

Sharing

General

Target

https://www.youtube.com/watch?v=z-X9C15iVWs
Sample

230318-tchtzseh5s

Score

10^/10

redline @im_hilli microsoft infostealer persistence phishing spyware

Static task

static1

URLScan task

urlscan1

Behavioral task

behavioral1

Sample

https://www.youtube.com/watch?v=z-X9C15iVWs

Resource

win10v2004-20230220-en

redline @im_hilli microsoft infostealer persistence phishing spyware

windows10-2004-x64

27 signatures

1800 seconds

Malware Config

Extracted

Family

redline

Botnet

@im_HiLLi

C2

37.220.87.8:42823

Attributes

auth_value
52bf9dde344e4860030827f790e28cca

Targets

- Target
  
  https://www.youtube.com/watch?v=z-X9C15iVWs
Score

10^/10

redline @im_hilli microsoft infostealer persistence phishing spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Drops file in Drivers directory
- Sets service image path in registry
  persistence
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Detected potential entity reuse from brand microsoft.
  phishing microsoft
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Credentials in Files

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

urlscan1

behavioral1

redline@im_hillimicrosoftinfostealerpersistencephishingspyware

© 2018-2024

Terms | Privacy