General

  • Target: 084717e75f1c84ccc8c29778bd4cab8d.exe
  • Size: 594KB
  • Sample: 201228-q22452ryj2
  • MD5: 084717e75f1c84ccc8c29778bd4cab8d
  • SHA1: 8b45073d398bdf8043994869eed4f8f32c505419
  • SHA256: 5d3305569be7fddd5756f39b8fc668091f800a731468707cf570c558f585c687
  • SHA512: cc5374872eb604f1ebd8dec49075ad59df192b6e78cf4b3fdd06b6d1ed0611fac1274f4115a3b1f764287a2fe5f7b9cd6f7f3f0476368f3e6eaf09dd41487767

Score: 10/10

Targets

    • Target: 084717e75f1c84ccc8c29778bd4cab8d.exe
    • Size: 594KB
    • MD5: 084717e75f1c84ccc8c29778bd4cab8d
    • SHA1: 8b45073d398bdf8043994869eed4f8f32c505419
    • SHA256: 5d3305569be7fddd5756f39b8fc668091f800a731468707cf570c558f585c687
    • SHA512: cc5374872eb604f1ebd8dec49075ad59df192b6e78cf4b3fdd06b6d1ed0611fac1274f4115a3b1f764287a2fe5f7b9cd6f7f3f0476368f3e6eaf09dd41487767

    Score: 10/10

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
