Attackers Disguise RedLine Stealer as a Windows 11 Upgrade | HP Wolf Security
Common Information
Type | Value |
---|---|
UUID | b1733c88-2e24-4e28-8b4f-8823af55a791 |
Fingerprint | 8c0c8c5ba32e1693 |
Analysis status | DONE |
Considered CTI value | 2 |
Text language | |
Published | Feb. 8, 2022, 8 a.m. |
Added to db | Feb. 17, 2023, 9:38 p.m. |
Last updated | Dec. 22, 2024, 5:34 p.m. |
Headline | Attackers Disguise RedLine Stealer as a Windows 11 Upgrade |
Title | Attackers Disguise RedLine Stealer as a Windows 11 Upgrade \| HP Wolf Security |
Detected Hints/Tags/Attributes | 40/1/17 |
Attributes