General

  • Target

    7e627a2036d185712606530fe642cae3.exe

  • Size

    594KB

  • Sample

    201228-nw1jn8389s

  • MD5

    7e627a2036d185712606530fe642cae3

  • SHA1

    c209888e5964ecce9d0f72acd68d33cb27d78f5f

  • SHA256

    0d7238358839c038b9a3363cb2d82c029178c7133c85531e91e1b5edeef265c6

  • SHA512

    fbb83d7fdaac6340697149815d228ad2c31e5b1b4b302c433062a5cd93281db5f45b1db36025be5b2f94f5d6ecdebfb0101a81f0487fd3609848abb4df75ff82

  • Score

    10/10

Malware Config

Targets

    • Target

      7e627a2036d185712606530fe642cae3.exe

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks