General

  • Target: 7bc09b96533398f970efe4c87eb72939.exe
  • Size: 19KB
  • Sample: 201213-t2xnleyv36
  • MD5: 7bc09b96533398f970efe4c87eb72939
  • SHA1: b534275282155c86ee1aad2ff632de46783f8e30
  • SHA256: ab84aed43b30ced6e514cd2a1191307294bd4f3211813c5de99aa0ebbfedd215
  • SHA512: 387189adb5652b4733efc95a3f7f967bd7d02746a54d539b1b7bb026c53892afb38c13b8fe3abcb3a6af682ec0484ac387bb2ff79ce15a111883bef4894034a0

Score: 10/10

Malware Config

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks