4185c612244c3fb7ef8931bbde82986e.exe

General
Target: 4185c612244c3fb7ef8931bbde82986e.exe
Size: 594KB
Sample: 201228-6qwwk8xrbn
Score: 10/10
MD5: 4185c612244c3fb7ef8931bbde82986e
SHA1: 2ae95e14dc476ab32f42f68a5c42d50d54421814
SHA256: d20a2a8e654e31c03cf64fffb7564c16a7f12599e665af1b9b272f33c113e371
SHA512: 66c98c00801e0af7ecfa71903cddbd948d3ad5aee118e4337f534344f7e96f628332432c417bc04e3cd9d35d35fbdb96cefa914fd5a644f2403abf7d29b78c34

Signatures

  • RedLine
    Description: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  • RedLine Payload
  • Executes dropped EXE
  • UPX packed file
    Description: Detects executables packed with UPX/modified UPX open source packer.
  • Loads dropped DLL
  • Legitimate hosting services abused for malware hosting/C2
    TTPs: Web Service
  • Looks up external IP address via web service
    Description: Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix
Tactics: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks
static1: 8/10
behavioral1: 10/10
behavioral2: 10/10