General

  • Target: f5fb55d8d7aecf35e136336b0a98a788.exe
  • Size: 19KB
  • Sample: 201214-mfwfdbdyy6
  • MD5: f5fb55d8d7aecf35e136336b0a98a788
  • SHA1: f9a6c52db68451bfc10a97b4f7e283a30e7eab88
  • SHA256: b2e4112f937fa79049e00f1757d4a6b44a1dcd41580e3320fe5d6318bb900b19
  • SHA512: f6522db7c71604b0b43d7ea911565d9b7f2cf8f00cda2d5128ffd518ea2cd8c50f607858c05f675d276f5a0b229b2f3446faf98291b5330dc71662d695674401

Score
10/10

Malware Config

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks