General
Target
https://www.youtube.com/redirect?event=backstage_event&redir_token=QUFFLUhqa3p0UnBhem8xT2VqWHpOcGw1Tjk4MHNSOHRtd3xBQ3Jtc0trSHRXWVZzeDQxMXNqMEtrUnZ5UzZ0X0FCWXE1UHl1bkd5MGZRQnd0TEdnTDRJT01JQ0k4bGdjTWFMVzRuZWVXSzYtcHFkRWN2VDBNQjZ6amFzdUxxT2R5MW1HRjF4MEE0N1lmQ0VsNXdYNTJMaEZabw&q=https%3A%2F%2Fsites.google.com%2Fview%2Famamsoft%3Fusp%3Dsharing
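The Target above is not a YouTube page at all: youtube.com/redirect is an open redirector, and the real landing page is the percent-encoded value of the q= parameter (a sites.google.com page), which is what the "legitimate hosting services abused" signature later in the report refers to. The following is an added example, not code from the report or from the sandbox, that unwraps such a lure statically (no network access) and flags the redirector-to-free-hosting pattern. The REDIRECTORS and FREE_HOSTING tables are assumptions seeded from this report; the redir_token value is replaced by a placeholder since it does not influence the destination.

```python
from urllib.parse import urlparse, parse_qs, quote

# Target URL from the report. The redir_token value is shortened to a
# placeholder: it is a YouTube-side signature and does not affect where the
# redirect lands, which is carried entirely by the q= parameter.
SAMPLE_URL = (
    "https://www.youtube.com/redirect?event=backstage_event"
    "&redir_token=REDIR_TOKEN_PLACEHOLDER"
    "&q=https%3A%2F%2Fsites.google.com%2Fview%2Famamsoft%3Fusp%3Dsharing"
)

# Open redirectors seen wrapping lure links, mapped to the query parameter
# that carries the destination. youtube.com/redirect?q= is the one in the
# report; the google.com/url?url= entry is an assumed extra for illustration.
REDIRECTORS = {
    "www.youtube.com": "q",
    "www.google.com": "url",
}

# Free hosting services commonly abused for landing pages. Assumed list,
# seeded with the sites.google.com host the report's target resolves to.
FREE_HOSTING = {"sites.google.com", "drive.google.com", "docs.google.com"}


def unwrap_redirect(url: str, max_hops: int = 5) -> list:
    """Follow redirect wrappers statically and return the chain of URLs,
    starting with the input. Stops at the first URL whose host is not a
    known redirector, whose destination parameter is missing, or whose
    destination is not an absolute http(s)-style URL (relative path,
    javascript:, etc.), and after max_hops so a loop cannot spin forever."""
    chain = [url]
    for _ in range(max_hops):
        parsed = urlparse(chain[-1])
        param = REDIRECTORS.get(parsed.netloc.lower())
        if param is None:
            break
        values = parse_qs(parsed.query).get(param)  # parse_qs percent-decodes
        if not values:
            break
        destination = urlparse(values[0])
        if not destination.scheme or not destination.netloc:
            break
        chain.append(values[0])
    return chain


def classify(url: str) -> dict:
    """Summarise a lure URL: where it lands and whether it fits the
    'legitimate redirector -> free hosting' pattern flagged in the report."""
    chain = unwrap_redirect(url)
    final_host = urlparse(chain[-1]).netloc.lower()
    return {
        "wrapper_host": urlparse(chain[0]).netloc.lower(),
        "final_url": chain[-1],
        "final_host": final_host,
        "hops": len(chain) - 1,
        "hosting_abuse": len(chain) > 1 and final_host in FREE_HOSTING,
    }


# A doubly wrapped variant, constructed here to show that nesting is handled:
# google.com/url?url=<encoded youtube redirect> -> youtube redirect -> sites.google.com
NESTED_URL = "https://www.google.com/url?url=" + quote(SAMPLE_URL, safe="")

if __name__ == "__main__":
    for u in (SAMPLE_URL, NESTED_URL):
        print(classify(u))
```

For the report's Target this yields final_url https://sites.google.com/view/amamsoft?usp=sharing with one hop and hosting_abuse set; the decoded destination, not the youtube.com wrapper, is the indicator worth blocking or hunting for.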
Sample
240628-dhdt8azhjp
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://www.youtube.com/redirect?event=backstage_event&redir_token=QUFFLUhqa3p0UnBhem8xT2VqWHpOcGw1Tjk4MHNSOHRtd3xBQ3Jtc0trSHRXWVZzeDQxMXNqMEtrUnZ5UzZ0X0FCWXE1UHl1bkd5MGZRQnd0TEdnTDRJT01JQ0k4bGdjTWFMVzRuZWVXSzYtcHFkRWN2VDBNQjZ6amFzdUxxT2R5MW1HRjF4MEE0N1lmQ0VsNXdYNTJMaEZabw&q=https%3A%2F%2Fsites.google.com%2Fview%2Famamsoft%3Fusp%3Dsharing
Resource
win10v2004-20240611-en
Malware Config
Extracted
Family: redline
Botnet: @NoNamePUK
C2: 94.228.166.68:80
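The extracted configuration gives a concrete network indicator: the C2 socket 94.228.166.68:80 tagged with the botnet name @NoNamePUK. The following is an added example, not part of the report or the sandbox's tooling, that turns that config into detection content: it validates the C2 string, runs it over constructed egress log lines (the log format and every line are made up for illustration), distinguishing exact socket matches from traffic to the same host on another port, and renders the socket as a Suricata rule.

```python
import ipaddress
import re

# Extracted configuration, copied from the report's Malware Config section.
REDLINE_CONFIG = {
    "family": "redline",
    "botnet": "@NoNamePUK",
    "c2": "94.228.166.68:80",
}

# Constructed egress log lines for illustration (not from the report).
# Assumed format: <timestamp> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <proto>
SAMPLE_LOG = """\
2024-06-28T10:01:02Z 10.0.0.5:49152 -> 142.250.74.46:443 tcp
2024-06-28T10:01:09Z 10.0.0.5:49160 -> 94.228.166.68:80 tcp
2024-06-28T10:01:10Z 10.0.0.7:50020 -> 94.228.166.68:8080 tcp
2024-06-28T10:02:33Z 10.0.0.5:49171 -> 94.228.166.68:80 tcp
this line is malformed on purpose and must be skipped
"""

LINE_RE = re.compile(r"^(\S+) (\S+):(\d+) -> (\S+):(\d+) (\w+)$")


def parse_c2(c2: str) -> tuple:
    """Split a 'host:port' config value and validate both halves. rpartition
    keeps this correct for bracketed IPv6 literals, which contain colons."""
    host, sep, port = c2.rpartition(":")
    if not sep or not port.isdigit():
        raise ValueError(f"malformed C2 string: {c2!r}")
    port_num = int(port)
    if not 0 < port_num < 65536:
        raise ValueError(f"port out of range: {port}")
    return ipaddress.ip_address(host.strip("[]")), port_num


def find_c2_hits(log_text: str, c2: str) -> list:
    """Return every parsable log line whose destination IP is the C2 host.
    'strong' is set when the destination port matches the config too; a
    different port on the same host is kept as a weaker hit for triage."""
    c2_ip, c2_port = parse_c2(c2)
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparsable line: skip rather than crash the sweep
        ts, src_ip, _src_port, dst_ip, dst_port, proto = m.groups()
        try:
            if ipaddress.ip_address(dst_ip) != c2_ip:
                continue
        except ValueError:
            continue  # destination is not an IP literal (hostname, garbage)
        hits.append({
            "ts": ts,
            "src": src_ip,
            "dst_port": int(dst_port),
            "proto": proto,
            "strong": int(dst_port) == c2_port,
        })
    return hits


def sources_contacting_c2(hits: list) -> dict:
    """Count hits per internal source address, the list a responder needs."""
    counts = {}
    for h in hits:
        counts[h["src"]] = counts.get(h["src"], 0) + 1
    return counts


def suricata_rule(config: dict, sid: int) -> str:
    """Render the config's C2 socket as a Suricata rule for outbound traffic."""
    c2_ip, c2_port = parse_c2(config["c2"])
    msg = f"{config['family']} C2 {config['botnet']}"
    return (f"alert tcp $HOME_NET any -> {c2_ip} {c2_port} "
            f'(msg:"{msg}"; flow:to_server; sid:{sid}; rev:1;)')


if __name__ == "__main__":
    hits = find_c2_hits(SAMPLE_LOG, REDLINE_CONFIG["c2"])
    for h in hits:
        print(h)
    print(sources_contacting_c2(hits))
    print(suricata_rule(REDLINE_CONFIG, 1000001))
```

Matching on the IP rather than the full socket is deliberate: the port comes from a single extracted sample, and a stealer panel moved to another port on the same host would otherwise be missed. The Suricata rule, by contrast, pins the exact socket from the config, so it should be paired with the broader host match rather than used alone.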
Targets
Target
https://www.youtube.com/redirect?event=backstage_event&redir_token=QUFFLUhqa3p0UnBhem8xT2VqWHpOcGw1Tjk4MHNSOHRtd3xBQ3Jtc0trSHRXWVZzeDQxMXNqMEtrUnZ5UzZ0X0FCWXE1UHl1bkd5MGZRQnd0TEdnTDRJT01JQ0k4bGdjTWFMVzRuZWVXSzYtcHFkRWN2VDBNQjZ6amFzdUxxT2R5MW1HRjF4MEE0N1lmQ0VsNXdYNTJMaEZabw&q=https%3A%2F%2Fsites.google.com%2Fview%2Famamsoft%3Fusp%3Dsharing
Score 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext