General

  • Target

    4185c612244c3fb7ef8931bbde82986e.exe

  • Size

    594KB

  • Sample

    201228-6qwwk8xrbn

  • MD5

    4185c612244c3fb7ef8931bbde82986e

  • SHA1

    2ae95e14dc476ab32f42f68a5c42d50d54421814

  • SHA256

    d20a2a8e654e31c03cf64fffb7564c16a7f12599e665af1b9b272f33c113e371

  • SHA512

    66c98c00801e0af7ecfa71903cddbd948d3ad5aee118e4337f534344f7e96f628332432c417bc04e3cd9d35d35fbdb96cefa914fd5a644f2403abf7d29b78c34

Score
10/10

Targets

    Score
    10/10
    • RedLine

      RedLine Stealer is an information-stealing malware family written in C# (.NET), first seen in early 2020. It collects browser credentials and cookies, cryptocurrency wallet files and a system fingerprint from the infected host and sends them to its C2.

    • RedLine Payload

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build. Stock UPX leaves UPX0/UPX1 section names and a "UPX!" marker in the file; modified builds often rename the sections or strip the marker so that the stock `upx -d` can no longer unpack the file.

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate public IP lookup web service to learn the infected system's external IP address. Stealers typically record it alongside the host fingerprint they send to the C2, so this request is often the first outbound connection of the dropped payload.
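    Added example, not part of the sandbox report or of the RedLine sample: a Python check for the file-level indicators behind the "UPX packed file" signature above. It parses the PE section table and flags the stock UPX0/UPX1 section names and the "UPX!" marker, and reports whole-file entropy as a supporting heuristic for modified builds that rename sections. The test input is constructed here with a hypothetical `build_fake_pe` helper (a PE-shaped byte string, not a real executable); on a real sample, read the file bytes and pass them to `detect_upx()`.

```python
import math
import struct

# Names the stock UPX packer gives to the sections it creates.
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", "UPX3"}


def build_fake_pe(section_names, trailer=b""):
    """Constructed test data: a minimal PE-shaped byte string carrying only the
    headers pe_section_names() reads, the given section names and an optional
    trailing marker. It is not an executable and cannot run."""
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", e_lfanew)  # 64 bytes
    size_of_optional = 0xE0  # PE32 optional header size
    coff_header = struct.pack(
        "<HHIIIHH",
        0x014C,               # Machine: i386
        len(section_names),   # NumberOfSections
        0, 0, 0,              # TimeDateStamp, PointerToSymbolTable, NumberOfSymbols
        size_of_optional,     # SizeOfOptionalHeader
        0x0102,               # Characteristics: executable image, 32-bit
    )
    optional_header = b"\x0b\x01" + b"\x00" * (size_of_optional - 2)  # PE32 magic
    section_table = b"".join(
        name.encode("ascii").ljust(8, b"\x00") + b"\x00" * 32  # 40-byte entries
        for name in section_names
    )
    return dos_header + b"PE\x00\x00" + coff_header + optional_header + section_table + trailer


def pe_section_names(data):
    """Walk DOS header -> PE signature -> COFF header -> section table and
    return the section names, or [] if the bytes are not a parsable PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        return []
    coff = e_lfanew + 4
    try:
        number_of_sections = struct.unpack_from("<H", data, coff + 2)[0]
        size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
    except struct.error:
        return []  # truncated headers
    table = coff + 20 + size_of_optional
    names = []
    for i in range(number_of_sections):
        raw = data[table + i * 40: table + i * 40 + 8]
        if len(raw) < 8:
            break  # truncated section table
        names.append(raw.split(b"\x00", 1)[0].decode("ascii", "replace"))
    return names


def shannon_entropy(data):
    """Bits per byte over the whole buffer; packed or encrypted payloads sit near 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def detect_upx(data):
    """Report UPX indicators: stock section names, the 'UPX!' marker the packer
    writes into its header and trailer, and entropy as a supporting heuristic."""
    names = pe_section_names(data)
    upx_sections = [n for n in names if n in UPX_SECTION_NAMES]
    marker = b"UPX!" in data
    return {
        "sections": names,
        "upx_sections": upx_sections,
        "upx_marker": marker,
        "entropy": round(shannon_entropy(data), 2),
        "packed": bool(upx_sections) or marker,
    }


if __name__ == "__main__":
    # Constructed sample with the layout stock UPX produces: UPX0, UPX1, .rsrc and a UPX! marker.
    print(detect_upx(build_fake_pe(["UPX0", "UPX1", ".rsrc"], trailer=b"UPX!")))
```

    Treat the verdict as a triage hint rather than proof: a modified UPX build can rename the sections and strip the marker, and a "UPX!" string can be planted in an unrelated file. Per-section entropy (a near-empty UPX0 next to a high-entropy UPX1) is the usual next check before attempting a manual unpack.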

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery

      Query Registry, T1012 (1 hit)
      System Information Discovery, T1082 (1 hit)

  • Command and Control

      Web Service, T1102 (1 hit)
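Added example, not part of the sandbox report: detection logic for the "Looks up external IP address via web service" behaviour mapped to T1102 above, run over constructed process/network telemetry. The watchlist of IP-lookup domains is an assumption for illustration (the report does not say which service this sample used), and the log lines are made up in a simplified whitespace-separated form, not output from the sandbox run. Each process that contacts a lookup service is reported together with the destinations it reached afterwards, since that is where the stealer's C2 traffic usually follows.

```python
from collections import defaultdict

# Assumed watchlist of public IP-lookup services (illustrative, not from the
# report). Matching is on the registered domain so subdomains are caught too.
IP_LOOKUP_DOMAINS = {
    "ipify.org", "icanhazip.com", "ifconfig.me", "ip-api.com", "ipinfo.io",
    "checkip.amazonaws.com", "whatismyipaddress.com", "myexternalip.com",
}

# Constructed sample telemetry: "timestamp computer pid image dest_host" per line.
# dropped.exe and 203.0.113.10 (an RFC 5737 test address) are placeholders.
SAMPLE_LOG = """\
2020-12-28T10:01:02Z WS01 4412 dropped.exe api.ipify.org
2020-12-28T10:01:05Z WS01 4412 dropped.exe 203.0.113.10
2020-12-28T10:02:00Z WS01 1188 chrome.exe www.example.com
2020-12-28T10:02:30Z WS01 1188 chrome.exe whatismyipaddress.com
2020-12-28T10:03:00Z WS01 2200 svchost.exe ctldl.windowsupdate.com
"""


def is_ip_lookup_host(host):
    """True if host or any of its parent domains is on the watchlist."""
    labels = host.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in IP_LOOKUP_DOMAINS for i in range(len(labels)))


def parse_line(line):
    """Split one constructed log line into its five whitespace-separated fields."""
    ts, computer, pid, image, dest = line.split(None, 4)
    return {"ts": ts, "computer": computer, "pid": int(pid), "image": image, "dest": dest}


def find_ip_lookups(log_text):
    """Flag every process that contacted an IP-lookup service and list the
    non-lookup destinations it reached afterwards (the likely C2 pivot)."""
    by_process = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ev = parse_line(line)
            by_process[(ev["computer"], ev["pid"], ev["image"])].append(ev)

    findings = []
    for (computer, pid, image), events in by_process.items():
        events.sort(key=lambda e: e["ts"])  # ISO-8601 timestamps sort lexically
        for i, ev in enumerate(events):
            if is_ip_lookup_host(ev["dest"]):
                later = [e["dest"] for e in events[i + 1:] if not is_ip_lookup_host(e["dest"])]
                findings.append({
                    "computer": computer, "pid": pid, "image": image,
                    "ts": ev["ts"], "lookup_host": ev["dest"], "followed_by": later,
                })
    return findings


if __name__ == "__main__":
    for finding in find_ip_lookups(SAMPLE_LOG):
        print(finding)
```

The browser hit in the constructed data shows the tuning problem with this signature: users legitimately visit these services, so in production the rule is scoped to non-browser images, processes spawned from user-writable paths, or a lookup followed within seconds by a connection to an address with no prior history for that host.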
