General

  • Target

    8ccc72fc539ea17a54a72ff1c807e5e7.exe

  • Size

    594KB

  • Sample

    201228-fn6s1k4avj

  • MD5

    8ccc72fc539ea17a54a72ff1c807e5e7

  • SHA1

    6f8f578293cb18846a65780a35bfe5c2f0cd1a53

  • SHA256

    d353f3b7719f38d318288f61c408ce4f07d95fe2c02f97646533b230f6f9be85

  • SHA512

    18ef52d61c2352aa1d47f54a575c1cc6ad86ca812165b4f2685c325e55bb376118d69bbfce436d99cf707854b03da7f80ab983a4dcb93e267d1b98a42da44e71

Score
10/10

Malware Config

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks