53c599ee6324db60c4b394722d950d3a.exe

General

Target: 53c599ee6324db60c4b394722d950d3a.exe
Size: 594KB
Sample: 201228-e7bws7lrqx
Score: 10/10
MD5: 53c599ee6324db60c4b394722d950d3a
SHA1: 7a5d027376db62faecbe44d866a908f3915fc4f1
SHA256: 0d828c5af228839b87308f801d19ce5ea0ffc333eee641390c089207f16a96bf
SHA512: b0c24a3a70d3bfa22164e711fe2357f0f7241f46502e2cfc660d7e2b2a76a4ad571f0044c44a1a547fe08b3432575e3eab286ec14cd699f3cac9ef5f1d7f8f9f

Signatures

  • RedLine
    Description: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  • RedLine Payload
  • Executes dropped EXE
  • UPX packed file
    Description: Detects executables packed with UPX or a modified build of the UPX open-source packer.
  • Loads dropped DLL
  • Legitimate hosting services abused for malware hosting/C2
    TTPs: Web Service
  • Looks up external IP address via web service
    Description: Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix

Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1: 8/10
behavioral1: 10/10
behavioral2: 10/10