General

  • Target

    Ultimate YT Downloader Cutter.msi

  • Size

    7.2MB

  • Sample

    240411-ahlchsab3y

  • MD5

    1ec33b53564abb96902b988e7fce5ed3

  • SHA1

    1378302d99f494f54ec9b8c04419c3a57a576eae

  • SHA256

    6e49fcb7c7db4085ca71f67b6c4cd7d27674e12f410543dbf5923373605d5ea2

  • SHA512

    3f504264b5b374e60f2a8f721c73ac2ae685351c803f1362cac9d15551212f27f298f3060fd4f8f0d56fd83ebb0e57d3bf069877786c491a415edf9ddb98d332

  • SSDEEP

    196608:COSRwXS+3DsGbDc+deV7+8wAX65LKAlIRIE3:lSSfPojV7CKA2r

Malware Config

Extracted

Family

redline

Botnet

https://free-yt-downloader.com

C2

https://free-yt-downloader.com

Targets

    • Target

      Ultimate YT Downloader Cutter.msi

    • Size

      7.2MB

    • MD5

      1ec33b53564abb96902b988e7fce5ed3

    • SHA1

      1378302d99f494f54ec9b8c04419c3a57a576eae

    • SHA256

      6e49fcb7c7db4085ca71f67b6c4cd7d27674e12f410543dbf5923373605d5ea2

    • SHA512

      3f504264b5b374e60f2a8f721c73ac2ae685351c803f1362cac9d15551212f27f298f3060fd4f8f0d56fd83ebb0e57d3bf069877786c491a415edf9ddb98d332

    • SSDEEP

      196608:COSRwXS+3DsGbDc+deV7+8wAX65LKAlIRIE3:lSSfPojV7CKA2r

    • RedLine

      RedLine Stealer is an information-stealing malware family written in C#, first seen in early 2020. It harvests browser credentials, cookies, cryptocurrency wallets and system details and sends them to its C2.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
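The hashes and C2 host listed in this report are the indicators a responder would sweep an estate for. The following is an added example, not part of the sandbox report or of any RedLine tooling: it copies the report's MD5/SHA1/SHA256/SHA512 values and C2 URL into a small Python IOC matcher that hashes local files in one pass and flags DNS queries for the C2 host or any of its subdomains. The function names and the dnsmasq-style log line format ("query[A] host from client") are assumptions chosen for the example; the log lines are constructed.

```python
"""IOC sweep for the RedLine sample above (added example; not from the report)."""
import hashlib
import re
import sys
from urllib.parse import urlparse

# Indicators copied verbatim from the sandbox report.
SAMPLE_HASHES = {
    "md5": "1ec33b53564abb96902b988e7fce5ed3",
    "sha1": "1378302d99f494f54ec9b8c04419c3a57a576eae",
    "sha256": "6e49fcb7c7db4085ca71f67b6c4cd7d27674e12f410543dbf5923373605d5ea2",
    "sha512": (
        "3f504264b5b374e60f2a8f721c73ac2ae685351c803f1362cac9d15551212f27"
        "f298f3060fd4f8f0d56fd83ebb0e57d3bf069877786c491a415edf9ddb98d332"
    ),
}
C2_URL = "https://free-yt-downloader.com"
C2_HOST = urlparse(C2_URL).hostname  # "free-yt-downloader.com"


def _digest_chunks(chunks):
    """Feed every chunk to all four hashers so the file is read only once."""
    hashers = {name: hashlib.new(name) for name in SAMPLE_HASHES}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data):
    """Digests of an in-memory blob (used for testing and small artifacts)."""
    return _digest_chunks([data])


def digest_file(path, chunk_size=1 << 20):
    """Digests of a file on disk, streamed in 1 MiB chunks."""
    with open(path, "rb") as fh:
        return _digest_chunks(iter(lambda: fh.read(chunk_size), b""))


def matches_sample(digests):
    """True if any algorithm's digest equals the report's value (case-insensitive)."""
    return any(
        digests.get(name, "").lower() == value for name, value in SAMPLE_HASHES.items()
    )


def host_matches_c2(host):
    """Exact host or a subdomain of it; a plain substring test would also
    match unrelated names such as notfree-yt-downloader.com."""
    host = host.rstrip(".").lower()
    return host == C2_HOST or host.endswith("." + C2_HOST)


# Assumed dnsmasq-style line shape: "... query[A] <host> from <client>".
DNS_QUERY = re.compile(r"query\[\w+\]\s+(\S+)\s+from\s+(\S+)")


def scan_dns_log(lines):
    """Return (queried host, client) pairs that hit the C2 host or a subdomain."""
    hits = []
    for line in lines:
        m = DNS_QUERY.search(line)
        if m and host_matches_c2(m.group(1)):
            hits.append((m.group(1), m.group(2)))
    return hits


# Constructed log lines for illustration only.
SAMPLE_DNS_LOG = [
    "Apr 11 09:12:01 gw dnsmasq[812]: query[A] free-yt-downloader.com from 10.0.0.5",
    "Apr 11 09:12:02 gw dnsmasq[812]: query[AAAA] example.com from 10.0.0.6",
    "Apr 11 09:12:03 gw dnsmasq[812]: query[A] api.free-yt-downloader.com. from 10.0.0.7",
    "Apr 11 09:12:04 gw dnsmasq[812]: query[A] notfree-yt-downloader.com from 10.0.0.8",
]

if __name__ == "__main__":
    # Usage: python ioc_sweep.py [file ...]  (hashes each file against the report)
    for path in sys.argv[1:]:
        print(path, "MATCH" if matches_sample(digest_file(path)) else "clean")
    for host, client in scan_dns_log(SAMPLE_DNS_LOG):
        print(f"C2 lookup: {host} from {client}")
```

Matching on every algorithm rather than SHA256 alone lets the script consume indicator lists that only carry an MD5 or SHA1; the suffix check on the host avoids both false positives on look-alike names and misses on subdomains the C2 may use.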

MITRE ATT&CK Enterprise v15

Tasks