General
Target: https://www.youtube.com/redirect?event=comments&redir_token=QUFFLUhqazA4VVlJdERhN3hZTnItTUN0eXNBQW8xR1dNZ3xBQ3Jtc0tuczIyTUcyR2pvNWZxVFhfOFVZQXAzMGJFSG1FRV9rWlF4WnozaUxyVWJZendLOGs1YWp3Nmszbl9TZmM1cTZ5RlJIN1RXSURzLXVHWVlEUS1TSnhveW5rc1VNX25qNGgxWnpqODlRSGtTblhLY3h6MA&q=https%3A%2F%2Ftinyurl.com%2F34mcs45p
Sample: 240702-a83dqatfpk
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://www.youtube.com/redirect?event=comments&redir_token=QUFFLUhqazA4VVlJdERhN3hZTnItTUN0eXNBQW8xR1dNZ3xBQ3Jtc0tuczIyTUcyR2pvNWZxVFhfOFVZQXAzMGJFSG1FRV9rWlF4WnozaUxyVWJZendLOGs1YWp3Nmszbl9TZmM1cTZ5RlJIN1RXSURzLXVHWVlEUS1TSnhveW5rc1VNX25qNGgxWnpqODlRSGtTblhLY3h6MA&q=https%3A%2F%2Ftinyurl.com%2F34mcs45p
Resource: win10v2004-20240611-en
Malware Config
Extracted:
redline
@tronzzz
94.228.166.68:80
Targets
Target: https://www.youtube.com/redirect?event=comments&redir_token=QUFFLUhqazA4VVlJdERhN3hZTnItTUN0eXNBQW8xR1dNZ3xBQ3Jtc0tuczIyTUcyR2pvNWZxVFhfOFVZQXAzMGJFSG1FRV9rWlF4WnozaUxyVWJZendLOGs1YWp3Nmszbl9TZmM1cTZ5RlJIN1RXSURzLXVHWVlEUS1TSnhveW5rc1VNX25qNGgxWnpqODlRSGtTblhLY3h6MA&q=https%3A%2F%2Ftinyurl.com%2F34mcs45p
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext