General

Target: YouTube Downloader.exe
Size: 19.2MB
Sample: 240527-thg5msag82
MD5: 3de2b0e95269fd8643941f88643abe2b
SHA1: 856ea03a4b130e43720360726acce7a83ce81fd9
SHA256: 61987705947fd84e24f1da0c395bdcb4dac414ca6af244b5d897259c05f000e6
SHA512: 4a12accfa9f713ffd2a493821b2abf51cc5f0a0c8a3bdd6364fafd878b6c3f73ded429ca5c33ba016d00bc5846ed166880c4c1182e7fa25a19ad80aa4998c1c1
SSDEEP: 393216:nrTl5q1+TtIiF0Y9Z8D8CcldlgdL/XEGjJQWiKQ1up5itIOX1SChOrNc/N:rbq1QtILa8DZcLlgdrXyBKMuWIgSiOrc
Behavioral task: behavioral1
Sample: YouTube Downloader.exe
Resource: win10v2004-20240508-en

Malware Config

Extracted family: redline
Identifier: 5664290451
URL: https://pastebin.com/raw/NgsUAPya

The extracted URL is a Pastebin raw paste rather than a direct host:port. RedLine builds configured this way fetch the paste at runtime and take the real C2 endpoint from its content, so the paste text (which can be edited without the binary changing) is the indicator to pivot on; the URL itself only tells you which paste to watch. Treat the identifier and URL as IOCs for this build, not for the family as a whole.
Targets

Target: YouTube Downloader.exe
Size: 19.2MB
Hashes (MD5, SHA1, SHA256, SHA512, SSDEEP): identical to the General section above.
RedLine

RedLine Stealer is an information-stealing malware family written in C# (.NET), first seen in early 2020. It collects browser credentials and cookies, cryptocurrency wallet files and system/software inventory, and sends them to a C2 server.

Signatures

- RedLine payload: the RedLine stealer was identified in memory during the run.
- Downloads MZ/PE file: the sample retrieves an additional executable at runtime.
- Checks computer location settings: looks up the country code configured in the registry (the user's GeoID lives under HKCU\Control Panel\International\Geo), likely a geofence that decides whether the stealer runs on this machine.
- Executes dropped EXE.
- Loads dropped DLL.
- Accesses cryptocurrency files/wallets, possible credential harvesting.
- Checks installed software on the system: enumerates the subkeys of HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (and its Wow6432Node counterpart on 64-bit Windows) to inventory software on the host.
- Legitimate hosting services abused for malware hosting/C2: the Pastebin URL in the extracted config above.
- Suspicious use of SetThreadContext: setting the thread context of another process is the usual final step of process hollowing, where a suspended legitimate process has its image replaced and its entry point redirected to the injected payload.
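The behaviours above are individually common in legitimate software (installers enumerate the Uninstall key, many apps read locale settings), so detection is more useful as a per-process combination than as single hits. The following is an added example, not part of the sandbox report or of any Triage tooling: a small scoring detector run over constructed Sysmon-style events whose field names are an assumption for illustration. Sysmon has no event for SetThreadContext itself, so the nearest observable proxy, a remote thread created in another process, stands in for the injection signature.

```python
"""Score a process event stream for the RedLine-style behaviours listed in
this report. Added example: not part of the sandbox report. The events are
constructed to resemble Sysmon registry/file/DNS/CreateRemoteThread records;
the field names ("pid", "image", "type", "target") are an assumption."""

import re
from collections import defaultdict

SUSPECT = r"C:\Users\u\Downloads\YouTube Downloader.exe"
BENIGN = r"C:\Program Files\Updater\updater.exe"

# Constructed sample events (not captured from the sandbox run).
SAMPLE_EVENTS = [
    {"pid": 4120, "image": SUSPECT, "type": "registry_read",
     "target": r"HKCU\Control Panel\International\Geo\Nation"},
    {"pid": 4120, "image": SUSPECT, "type": "registry_read",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"pid": 4120, "image": SUSPECT, "type": "dns_query",
     "target": "pastebin.com"},
    {"pid": 4120, "image": SUSPECT, "type": "file_read",
     "target": r"C:\Users\u\AppData\Roaming\Exodus\exodus.wallet\seed.seco"},
    {"pid": 4120, "image": SUSPECT, "type": "create_remote_thread",
     "target": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"},
    # A benign updater also reads the Uninstall key and resolves a host;
    # it must not trip the alert on its own.
    {"pid": 900, "image": BENIGN, "type": "registry_read",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater"},
    {"pid": 900, "image": BENIGN, "type": "dns_query",
     "target": "updates.example.com"},
]

# (rule name, event types it applies to, regex on the target field, weight).
# Weights are an illustrative choice: the two registry lookups are cheap
# noise on their own, wallet access and cross-process threads are rare.
RULES = [
    ("geo_nation_lookup", {"registry_read"},
     re.compile(r"Control Panel\\International\\Geo", re.I), 1),
    ("installed_software_enum", {"registry_read"},
     re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.I), 1),
    ("crypto_wallet_access", {"file_read"},
     re.compile(r"\\(Exodus|Electrum|Atomic|Ethereum\\keystore)\\|wallet\.dat$",
                re.I), 3),
    ("paste_site_dead_drop", {"dns_query", "network_connect"},
     re.compile(r"(^|\.)pastebin\.com$", re.I), 2),
    ("remote_thread_injection", {"create_remote_thread"},
     re.compile(r".*"), 3),
]

ALERT_SCORE = 5      # minimum weighted score to raise an alert
ALERT_DISTINCT = 3   # and at least this many different behaviours


def score_events(events):
    """Aggregate rule hits per pid; each rule counts once per process."""
    per_pid = defaultdict(lambda: {"image": None, "hits": set(), "score": 0})
    for ev in events:
        entry = per_pid[ev["pid"]]
        entry["image"] = ev.get("image", entry["image"])
        for name, types, pattern, weight in RULES:
            if (ev["type"] in types and pattern.search(ev["target"])
                    and name not in entry["hits"]):
                entry["hits"].add(name)
                entry["score"] += weight
    return dict(per_pid)


def alerts(events):
    """Return only the processes whose combined behaviour crosses threshold."""
    return {pid: e for pid, e in score_events(events).items()
            if e["score"] >= ALERT_SCORE and len(e["hits"]) >= ALERT_DISTINCT}


if __name__ == "__main__":
    for pid, entry in alerts(SAMPLE_EVENTS).items():
        print(f"ALERT pid={pid} image={entry['image']} score={entry['score']}")
        for hit in sorted(entry["hits"]):
            print(f"  - {hit}")
```

On the constructed events the stealer process scores 10 with five distinct behaviours and is the only alert; the updater scores 1 from the Uninstall read alone. In a real deployment the regex for wallet paths and the paste-site list are the parts worth extending, and the Uninstall/Geo rules should stay low-weight to avoid paging on installers.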