General

  • Target

    860ba1abb7492b10512445c13994b685.exe

  • Size

    595KB

  • Sample

    201228-mxytly74xx

  • MD5

    860ba1abb7492b10512445c13994b685

  • SHA1

    2eaedfa31c5906b83696d9d966285f23d1512a0b

  • SHA256

    8ec19d4e2e49adcd9c4b08b769f3d8cab2708d7cba29dc47eb85673b78f35103

  • SHA512

    89e86190c4c30de5d0a49ca11c9dd73f87ac9216ed8f92d5120e808a8c99f1e9b0863a0418aad0adde02d636b7bc85a22f45130cbf2da2cb41d592e227bc8204

Score
10/10

Malware Config

Targets

    • Target

      860ba1abb7492b10512445c13994b685.exe

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
