Attackers Disguise RedLine Stealer as a Windows 11 Upgrade | HP Wolf Security
Common Information
Type Value
UUID b1733c88-2e24-4e28-8b4f-8823af55a791
Fingerprint 8c0c8c5ba32e1693
Analysis status DONE
Considered CTI value 2
Text language
Published Feb. 8, 2022, 8 a.m.
Added to db Feb. 17, 2023, 9:38 p.m.
Last updated Dec. 22, 2024, 5:34 p.m.
Headline Attackers Disguise RedLine Stealer as a Windows 11 Upgrade
Title Attackers Disguise RedLine Stealer as a Windows 11 Upgrade | HP Wolf Security
Detected Hints/Tags/Attributes 40/1/17
Attributes
Details Type #Events CTI Value