Overview

overview

10

Static

static

8

0f672da130...36.exe

windows7_x64

10

0f672da130...36.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0f672da130703a4bbbe1255b9467ef36.exe

  • Size

    594KB

  • Sample

    201228-5z1xj89lja

  • MD5

    0f672da130703a4bbbe1255b9467ef36

  • SHA1

    45d3adc63371a57dc617674a5e14d0265d590f24

  • SHA256

    226bf9a09e806c9d0a83adaef1711ad8a37058208e803fbf92cbf8be7e057f66

  • SHA512

    32c60623483d091b6d12bb83a9681cc1a508bd5981f99b482de1a53d0af56b5a2756617b195a151767b82aabbcf2e3dcd53773ef781ccb194ff26aaddca30015

Score
10/10
redlineinfostealerupx

Malware Config

Targets

    • Target

      0f672da130703a4bbbe1255b9467ef36.exe

    • Size

      594KB

    • MD5

      0f672da130703a4bbbe1255b9467ef36

    • SHA1

      45d3adc63371a57dc617674a5e14d0265d590f24

    • SHA256

      226bf9a09e806c9d0a83adaef1711ad8a37058208e803fbf92cbf8be7e057f66

    • SHA512

      32c60623483d091b6d12bb83a9681cc1a508bd5981f99b482de1a53d0af56b5a2756617b195a151767b82aabbcf2e3dcd53773ef781ccb194ff26aaddca30015

    Score
    10/10
    redlineinfostealerupx

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine Payload

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks