General
-
Target
https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbFY1N2ZWTDlkOXhQYmU1bl91eTBxTVQ0aVRqZ3xBQ3Jtc0tsY0F1eEd4QkFFLWpBZ1RwU3VUdG1MS19qRmxPeXZ6cjZLdlhvYnFhQzBfSnQyR3pIY1h1alZWSURxbWkybzhEQnlULW0yclI2aTNzaDVUcmtDbzZpdUpuNW5EUEZHYVNaMUJiZWFpVmRRaXZNcmJ3bw&q=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2Fikh6skoi11jf8%2FROBLOXCHEAT&v=RBWNRTMZduA
-
Sample
240521-wzqt8aeb2s
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbFY1N2ZWTDlkOXhQYmU1bl91eTBxTVQ0aVRqZ3xBQ3Jtc0tsY0F1eEd4QkFFLWpBZ1RwU3VUdG1MS19qRmxPeXZ6cjZLdlhvYnFhQzBfSnQyR3pIY1h1alZWSURxbWkybzhEQnlULW0yclI2aTNzaDVUcmtDbzZpdUpuNW5EUEZHYVNaMUJiZWFpVmRRaXZNcmJ3bw&q=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2Fikh6skoi11jf8%2FROBLOXCHEAT&v=RBWNRTMZduA
Resource
win11-20240508-en
Malware Config
Extracted
redline
194.26.232.43:20746
Targets
-
-
Target
https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbFY1N2ZWTDlkOXhQYmU1bl91eTBxTVQ0aVRqZ3xBQ3Jtc0tsY0F1eEd4QkFFLWpBZ1RwU3VUdG1MS19qRmxPeXZ6cjZLdlhvYnFhQzBfSnQyR3pIY1h1alZWSURxbWkybzhEQnlULW0yclI2aTNzaDVUcmtDbzZpdUpuNW5EUEZHYVNaMUJiZWFpVmRRaXZNcmJ3bw&q=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2Fikh6skoi11jf8%2FROBLOXCHEAT&v=RBWNRTMZduA
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-