0ee74f44700ad685b4487aaa4e20874e.exe

General
Target

0ee74f44700ad685b4487aaa4e20874e.exe

Size

594KB

Sample

201228-dhz15d49p6

Score
10 /10
MD5

0ee74f44700ad685b4487aaa4e20874e

SHA1

923303b9769e44f6deb3a857b023d94fd81b05e7

SHA256

17812ccf744622c22a465fd1d2c0098dbf215423dd433014afab29e232446e4c

SHA512

e292764c37a4f5b88c9013c7cd5ec96ef783329ce4fbf4de0df66875168dfdebfd2e2046a1d182eb6f1670ae74f89e910351c0706accb62b289da60eb91e8f57

Malware Config
Targets
Target

0ee74f44700ad685b4487aaa4e20874e.exe

MD5

0ee74f44700ad685b4487aaa4e20874e

Filesize

594KB

Score
10 /10
SHA1

923303b9769e44f6deb3a857b023d94fd81b05e7

SHA256

17812ccf744622c22a465fd1d2c0098dbf215423dd433014afab29e232446e4c

SHA512

e292764c37a4f5b88c9013c7cd5ec96ef783329ce4fbf4de0df66875168dfdebfd2e2046a1d182eb6f1670ae74f89e910351c0706accb62b289da60eb91e8f57

Tags

Signatures

  • RedLine

    Description

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    Tags

  • RedLine Payload

  • Executes dropped EXE

  • UPX packed file

    Description

    Detects executables packed with UPX/modified UPX open source packer.

    Tags

  • Loads dropped DLL

  • Legitimate hosting services abused for malware hosting/C2

    TTPs

    Web Service
  • Looks up external IP address via web service

    Description

    Uses a legitimate IP lookup service to find the infected system's external IP.

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
        Execution
          Exfiltration
            Impact
              Initial Access
                Lateral Movement
                  Persistence
                    Privilege Escalation
                      Tasks

                      static1

                      8/10

                      behavioral1

                      10/10

                      behavioral2

                      10/10