Overview

overview

10

Static

static

8

cf9789f166...20.exe

windows7_x64

10

cf9789f166...20.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cf9789f166db5c71af1b66f9b6ace520.exe

  • Size

    595KB

  • Sample

    201228-gh92kl823e

  • MD5

    cf9789f166db5c71af1b66f9b6ace520

  • SHA1

    aa8162bb254d0bdd93c980bf74be9acbe5a525dc

  • SHA256

    4eb5508fd5f2e2e2c78f406c2312dd83d7790d3822cb2182fbb86df85afd6777

  • SHA512

    ee4c53bff067ebc76b8c27b8dd163640409864168c924869d7f8fe2543da4d03c0ae55cc08e1b2bd36684df72d4d21453b3ca6fff28c16737b123a27bdc793ac

Score
10/10
redlineinfostealerupx

Malware Config

Targets

    • Target

      cf9789f166db5c71af1b66f9b6ace520.exe

    • Size

      595KB

    • MD5

      cf9789f166db5c71af1b66f9b6ace520

    • SHA1

      aa8162bb254d0bdd93c980bf74be9acbe5a525dc

    • SHA256

      4eb5508fd5f2e2e2c78f406c2312dd83d7790d3822cb2182fbb86df85afd6777

    • SHA512

      ee4c53bff067ebc76b8c27b8dd163640409864168c924869d7f8fe2543da4d03c0ae55cc08e1b2bd36684df72d4d21453b3ca6fff28c16737b123a27bdc793ac

    Score
    10/10
    redlineinfostealerupx

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine Payload

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks