860ba1abb7492b10512445c13994b685.exe

General

Target: 860ba1abb7492b10512445c13994b685.exe
Size: 595KB
Sample: 201228-mxytly74xx
Score: 10/10
MD5: 860ba1abb7492b10512445c13994b685
SHA1: 2eaedfa31c5906b83696d9d966285f23d1512a0b
SHA256: 8ec19d4e2e49adcd9c4b08b769f3d8cab2708d7cba29dc47eb85673b78f35103
SHA512: 89e86190c4c30de5d0a49ca11c9dd73f87ac9216ed8f92d5120e808a8c99f1e9b0863a0418aad0adde02d636b7bc85a22f45130cbf2da2cb41d592e227bc8204

Signatures

  • RedLine
    Description: RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine Payload

  • Executes dropped EXE

  • UPX packed file
    Description: Detects executables packed with UPX/modified UPX open source packer.

  • Loads dropped DLL

  • Legitimate hosting services abused for malware hosting/C2
    TTPs: Web Service

  • Looks up external IP address via web service
    Description: Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix

Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

  • static1: 8/10
  • behavioral1: 10/10
  • behavioral2: 10/10