General

  • Target: 1f87473ccecf48a5a570ad8ef35c0ee4.exe
  • Size: 594KB
  • Sample: 201228-kr2rlxekxj
  • MD5: 1f87473ccecf48a5a570ad8ef35c0ee4
  • SHA1: 4e21b16f6574b28d67fcecd7aebae704f921b4f2
  • SHA256: a8d6e8219c6ec6f8284026609f9989fa8caa68e517a239973da19793d1fc2d60
  • SHA512: 285578f8a7673948483854b05a4ff09c658432123f9c166ae3629beeabd6e72523687d8a56b76b8cb34fd814cc109116c0abdd25bddae2465b7cb36f153435f4

Score: 10/10

Malware Config

Targets

    • Target: 1f87473ccecf48a5a570ad8ef35c0ee4.exe

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks