General
-
Target
https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbTlPdEpqVVpIM1ctWU83eEg4ZWMxdklsMWI2QXxBQ3Jtc0tuMmJNek9ESWZSYi1qcm5WUGN1alh0djdGUTVESzVQYzFLbXI1QU5PRVNjQ3JNLUt6b3dlUU9XQnVTWVBhS0cwcnFXakVhQmJGWXBhYWdFVGdSOFg3ZUlERDhzTGhpcEtPQW9TQ3hOOWtIR3ZCM0JuUQ&q=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2Fcybqk7ulnmptm%2FOmori&v=o3BogjNBxY0
-
Sample
240625-pyhnwstcrl
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbTlPdEpqVVpIM1ctWU83eEg4ZWMxdklsMWI2QXxBQ3Jtc0tuMmJNek9ESWZSYi1qcm5WUGN1alh0djdGUTVESzVQYzFLbXI1QU5PRVNjQ3JNLUt6b3dlUU9XQnVTWVBhS0cwcnFXakVhQmJGWXBhYWdFVGdSOFg3ZUlERDhzTGhpcEtPQW9TQ3hOOWtIR3ZCM0JuUQ&q=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2Fcybqk7ulnmptm%2FOmori&v=o3BogjNBxY0
Resource
win10v2004-20240226-en
Malware Config
Extracted
redline
185.196.9.26:6302
Extracted
lumma
https://employeedscratshj.shop/api
Targets
-
-
Target
https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbTlPdEpqVVpIM1ctWU83eEg4ZWMxdklsMWI2QXxBQ3Jtc0tuMmJNek9ESWZSYi1qcm5WUGN1alh0djdGUTVESzVQYzFLbXI1QU5PRVNjQ3JNLUt6b3dlUU9XQnVTWVBhS0cwcnFXakVhQmJGWXBhYWdFVGdSOFg3ZUlERDhzTGhpcEtPQW9TQ3hOOWtIR3ZCM0JuUQ&q=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2Fcybqk7ulnmptm%2FOmori&v=o3BogjNBxY0
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-