General

  • Target

    a74382713b34192a9dee0eff7b81936c.exe

  • Size

    595KB

  • Sample

    201228-md17l8rja2

  • MD5

    a74382713b34192a9dee0eff7b81936c

  • SHA1

    390a008218e8f17299a69aab8930c0b1f4dce94e

  • SHA256

    69a445fe86364a5e66215310e8f9afd45734338f7450e7255676ff9f3065d059

  • SHA512

    e7b16756ddf7d072b699a22a5fe850d7574ba870ceaac1a265752c85179a94ce48052d5b8f43896e7364e0355b1e3cb16ecb6c1950c5741efe08c2cb3ed9088b

Score
10/10

Malware Config

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX, or with a modified build of the open-source UPX packer (section names and compressed, high-entropy sections are the usual tells).

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate public IP lookup web service to discover the infected system's external IP address, so the request blends in with ordinary traffic.
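The UPX signature listed above works from the PE section table. The script below is an added example for this report, not code from the page or from the sandbox vendor: it parses the section headers of a PE image, flags sections carrying the UPX names and sections whose raw bytes look compressed (Shannon entropy close to 8 bits per byte), and exercises both checks on two synthetic in-memory PE images it builds itself (constructed test data, not the sample on this page). The 7.0 entropy threshold, the helper names and the minimal PE builder are assumptions of this example.

```python
import math
import struct
from collections import Counter

# Entropy above this is typical of compressed or encrypted data (the maximum is 8.0).
# Assumed threshold for this example.
HIGH_ENTROPY = 7.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for empty input."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_sections(pe: bytes) -> list:
    """Walk the PE headers and return one dict per section header."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                        # IMAGE_FILE_HEADER starts here
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    size_opt = struct.unpack_from("<H", pe, coff + 16)[0]
    first = coff + 20 + size_opt               # section table follows the optional header
    sections = []
    for i in range(num_sections):
        name, vsize, vaddr, rsize, rptr = struct.unpack_from("<8sIIII", pe, first + 40 * i)
        raw = pe[rptr:rptr + rsize]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize,
            "raw_size": rsize,
            "entropy": shannon_entropy(raw),
        })
    return sections


def upx_indicators(pe: bytes) -> list:
    """Return human-readable reasons the file looks UPX-packed (empty list = no hit)."""
    reasons = []
    for s in parse_sections(pe):
        # Stock UPX names its sections UPX0/UPX1/...; a modified build may rename them.
        if s["name"].upper().startswith("UPX"):
            reasons.append(f"section named {s['name']!r}")
        # Compressed code survives renaming: its bytes are near-uniform, so entropy stays high.
        if s["raw_size"] and s["entropy"] > HIGH_ENTROPY:
            reasons.append(f"section {s['name']!r} has entropy {s['entropy']:.2f}")
    return reasons


def build_synthetic_pe(sections) -> bytes:
    """Build a minimal PE32 image from (name, raw_data) pairs. Constructed test data only."""
    e_lfanew, size_opt = 0x40, 0xE0            # PE32 optional header is 0xE0 bytes
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, size_opt, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (size_opt - 2)
    header_end = e_lfanew + 4 + 20 + size_opt + 40 * len(sections)
    raw_ptr = (header_end + 0x1FF) & ~0x1FF    # first section body at a 512-byte file alignment
    table, bodies, vaddr = b"", b"", 0x1000
    for name, data in sections:
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), max(len(data), 0x1000),
                             vaddr, len(data), raw_ptr + len(bodies) if data else 0,
                             0, 0, 0, 0, 0x60000020)
        bodies += data
        vaddr += 0x10000
    image = dos + b"PE\0\0" + coff + opt + table
    return image + b"\0" * (raw_ptr - len(image)) + bodies


def demo():
    """Constructed inputs: a UPX-style layout versus a plain, unpacked layout."""
    packed = build_synthetic_pe([
        (b"UPX0", b""),                         # empty placeholder the stub unpacks into
        (b"UPX1", bytes(range(256)) * 16),      # stands in for compressed code (entropy 8.0)
        (b".rsrc", b"\0" * 512),
    ])
    plain = build_synthetic_pe([
        (b".text", b"\x90" * 2048 + b"\xc3"),   # NOP sled plus RET: very low entropy
        (b".data", b"\0" * 512),
    ])
    return upx_indicators(packed), upx_indicators(plain)


if __name__ == "__main__":
    hits, misses = demo()
    print("packed:", hits)
    print("plain: ", misses)
```

On a real file, call `upx_indicators(open(path, "rb").read())`. The name check alone is defeated by anything that renames the sections, which is the "modified UPX" case the signature mentions; the entropy check is what survives that, but it also fires on legitimately encrypted or compressed sections, so treat both as indicators to confirm (for example by attempting `upx -d` or inspecting the entry-point stub), not as a verdict.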

MITRE ATT&CK Enterprise v6

Tasks