General

  • Target

    5c441448142f5dc5358221d1197d9fcd.exe

  • Size

    594KB

  • Sample

    201228-wnbgc48age

  • MD5

    5c441448142f5dc5358221d1197d9fcd

  • SHA1

    54e4371d254313709280c8a7e5eb8fa0dce22e6f

  • SHA256

    733b75ae9580dccc5e4cc7941e621f89c53b35d94a8b792241f1603ba2e8e675

  • SHA512

    6bcc40a67feba6e2232f26b368341985e1050cfffbecb5843870b9e0bcb2616dc59407dd844274b4cc5eb09e90188c8bcdade0bff1ac0d40946cacab94686faa

Score
10/10

Malware Config

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks