General

  • Target

    1de9cd5d00e3b88d8686349a06504ff8.exe

  • Size

    594KB

  • Sample

    201228-hxqq3gmm3e

  • MD5

    1de9cd5d00e3b88d8686349a06504ff8

  • SHA1

    95188cefb84c7ed559a128e02cbd89a540ae1bb7

  • SHA256

    7328f90488ba26b3e9d92cf097f69a4ba7ffca152660bf1e126cc5d1c7a1f835

  • SHA512

    205a1f65c1278206d35010be72e8a92c05d2a1a9412384b71d149999ab1857476c1b4070dd695791bbeed065abb451a31725a3796a4d1d4647ac80d48e4b8407

Score
10/10

Malware Config

Targets

    • Target

      1de9cd5d00e3b88d8686349a06504ff8.exe

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks