General

  • Target

    53c599ee6324db60c4b394722d950d3a.exe

  • Size

    594KB

  • Sample

    201228-e7bws7lrqx

  • MD5

    53c599ee6324db60c4b394722d950d3a

  • SHA1

    7a5d027376db62faecbe44d866a908f3915fc4f1

  • SHA256

    0d828c5af228839b87308f801d19ce5ea0ffc333eee641390c089207f16a96bf

  • SHA512

    b0c24a3a70d3bfa22164e711fe2357f0f7241f46502e2cfc660d7e2b2a76a4ad571f0044c44a1a547fe08b3432575e3eab286ec14cd699f3cac9ef5f1d7f8f9f

Score
10/10

Malware Config

Targets

    • Target

      53c599ee6324db60c4b394722d950d3a.exe

    • Size

      594KB

    • MD5

      53c599ee6324db60c4b394722d950d3a

    • SHA1

      7a5d027376db62faecbe44d866a908f3915fc4f1

    • SHA256

      0d828c5af228839b87308f801d19ce5ea0ffc333eee641390c089207f16a96bf

    • SHA512

      b0c24a3a70d3bfa22164e711fe2357f0f7241f46502e2cfc660d7e2b2a76a4ad571f0044c44a1a547fe08b3432575e3eab286ec14cd699f3cac9ef5f1d7f8f9f

    Score
    10/10
    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX, or with a modified build of that open-source packer.

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
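
    The "UPX packed file" signature above matches both stock UPX and modified builds. The following is an added example, not code from the report or from the sandbox that produced it: it parses the PE section table and applies the two signals such a check typically relies on, stock section names (UPX0/UPX1/UPX2) and the UPX layout of a virtual-only first section followed by a high-entropy section. Modified UPX builds commonly rename the sections, so only the layout signal catches them. The PE images it runs on are constructed inline (headers only, not executable); the entropy threshold of 7.0 bits/byte and the section names are assumptions of this example, not values taken from the report.

```python
import math
import struct

# Section names written by a stock UPX build (assumption of this example, not
# read from the report). A "modified UPX" usually renames them, so the layout
# heuristic below is what catches those variants.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def shannon_entropy(data):
    """Entropy in bits per byte: 0.0 for a constant buffer, 8.0 when every byte
    value occurs equally often (typical of compressed or encrypted data)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe):
    """Walk DOS header -> PE signature -> COFF header -> section table and return
    (name, virtual_size, raw_size, raw_bytes) for each section."""
    if pe[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + opt_size
    sections = []
    for i in range(num_sections):
        off = table + 40 * i
        name = pe[off:off + 8].rstrip(b"\0")
        vsize, _va, rsize, rptr = struct.unpack_from("<IIII", pe, off + 8)
        sections.append((name, vsize, rsize, pe[rptr:rptr + rsize]))
    return sections


def looks_upx_packed(pe, entropy_threshold=7.0):
    """Return (verdict, reasons). Two independent signals: stock section names,
    and the UPX layout of a virtual-only first section (the unpacked image is
    decompressed into it at run time) followed by a high-entropy section that
    holds the compressed payload."""
    sections = parse_sections(pe)
    reasons = []
    stock = {s[0] for s in sections} & UPX_SECTION_NAMES
    if stock:
        reasons.append("stock UPX section names: " + ", ".join(sorted(n.decode() for n in stock)))
    if len(sections) >= 2:
        first, second = sections[0], sections[1]
        if first[2] == 0 and first[1] > 0 and second[2] > 0:
            ent = shannon_entropy(second[3])
            if ent >= entropy_threshold:
                reasons.append("virtual-only first section followed by %.2f bits/byte section" % ent)
    return bool(reasons), reasons


def build_test_pe(section_specs):
    """Constructed, non-executable PE carrying only the headers parse_sections
    needs. section_specs: list of (name, virtual_size, raw_bytes)."""
    num = len(section_specs)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)               # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, num, 0, 0, 0, 0, 0x102)  # no optional header
    raw_ptr = 64 + 4 + 20 + 40 * num                               # raw data follows the table
    table, raw = b"", b""
    for name, vsize, data in section_specs:
        table += name.ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", vsize, 0x1000, len(data), raw_ptr if data else 0, 0, 0, 0, 0, 0)
        raw += data
        raw_ptr += len(data)
    return dos + b"PE\0\0" + coff + table + raw


# Constructed inputs: a buffer with every byte value equally often (8.0 bits/byte)
# stands in for compressed data.
HIGH_ENTROPY = bytes(range(256)) * 16
STOCK_UPX = build_test_pe([(b"UPX0", 0x20000, b""), (b"UPX1", 0x1000, HIGH_ENTROPY),
                           (b".rsrc", 0x200, b"\0" * 512)])
RENAMED_UPX = build_test_pe([(b".text", 0x20000, b""), (b".data", 0x1000, HIGH_ENTROPY)])
PLAIN = build_test_pe([(b".text", 0x1000, b"\x90" * 4096), (b".data", 0x200, b"\0" * 512)])

if __name__ == "__main__":
    for label, img in (("stock", STOCK_UPX), ("renamed", RENAMED_UPX), ("plain", PLAIN)):
        print(label, looks_upx_packed(img))
```

    On a real sample, replace the constructed images with `open(path, "rb").read()`. The layout heuristic alone will also fire on other packers that use a virtual-only first section, so treat it as a packing indicator rather than proof of UPX specifically.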

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery

    Query Registry (T1012): 1 match
    System Information Discovery (T1082): 1 match

  • Command and Control

    Web Service (T1102): 1 match
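
The two network signatures in the report ("Looks up external IP address via web service" and "Legitimate hosting services abused for malware hosting/C2", mapped here to T1102 Web Service) are easy to alert on individually but noisy, because plenty of legitimate software checks its public IP. The following is an added example, not part of the report and not the sandbox's own detection logic: it correlates the two over proxy log lines, flagging a client process that queries an IP lookup service and then contacts a file-hosting service within a short window. The hostnames in both lists, the log format and the log lines themselves are assumptions constructed for this example; the report does not name which services the sample used.

```python
import re
from datetime import datetime

# Hostnames are assumptions made for this example. The report only says a
# "legitimate IP lookup service" and "legitimate hosting services" were used.
IP_LOOKUP_HOSTS = {"api.ipify.org", "icanhazip.com", "ipinfo.io", "ip-api.com",
                   "checkip.amazonaws.com"}
HOSTING_HOSTS = {"pastebin.com", "cdn.discordapp.com", "raw.githubusercontent.com",
                 "drive.google.com"}

# Constructed proxy log, one request per line:
# "<date> <time> <client-ip> <process> <host> <status>"
SAMPLE_LOG = """\
2020-12-28 10:01:02 10.0.0.5 sample.exe api.ipify.org 200
2020-12-28 10:01:03 10.0.0.5 sample.exe pastebin.com 200
2020-12-28 10:03:40 10.0.0.7 chrome.exe icanhazip.com 200
2020-12-28 10:15:00 10.0.0.7 chrome.exe drive.google.com 200
2020-12-28 10:20:00 10.0.0.9 outlook.exe mail.example.com 200
this line is deliberately malformed and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<src>\S+) (?P<proc>\S+) "
    r"(?P<host>\S+) (?P<status>\d{3})$")


def parse_log(text):
    """Yield one dict per well-formed line; malformed lines are skipped, not fatal."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S")
        yield rec


def lookup_then_hosting(text, window_minutes=10):
    """Return (src, proc, lookup_host, hosting_host) tuples where the same process
    on the same client queried an IP lookup service and then reached a hosting
    service within window_minutes. The lookup alone is common for benign
    software; the sequence is what resembles the behaviour in the report."""
    pending = {}   # (src, proc) -> (lookup_ts, lookup_host)
    hits = []
    for rec in sorted(parse_log(text), key=lambda r: r["ts"]):
        key = (rec["src"], rec["proc"])
        if rec["host"] in IP_LOOKUP_HOSTS:
            pending[key] = (rec["ts"], rec["host"])
        elif rec["host"] in HOSTING_HOSTS and key in pending:
            seen_ts, seen_host = pending[key]
            if (rec["ts"] - seen_ts).total_seconds() <= window_minutes * 60:
                hits.append((rec["src"], rec["proc"], seen_host, rec["host"]))
                del pending[key]
    return hits


if __name__ == "__main__":
    for hit in lookup_then_hosting(SAMPLE_LOG):
        print("suspect sequence:", hit)
```

With the default 10-minute window only the `sample.exe` sequence is flagged; the `chrome.exe` pair is 11 minutes apart and is ignored, which is the point of the window. Widening it trades missed slow beacons for more false positives from browsers.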

Tasks