General

  • Target

    c2114030f9c5daed9908ef1f03b0e4cc.exe

  • Size

    595KB

  • Sample

    201228-xvrx8ea5we

  • MD5

    c2114030f9c5daed9908ef1f03b0e4cc

  • SHA1

    2c49f939664f25ff3b64d49e0834703506512498

  • SHA256

    a1b2dcb716986db2c35442b9000b083179db31d4088244dbb39ce90665bdff15

  • SHA512

    ecfd4253fd6ae7cd92cd9bdfc7768ffcdaea11f8b1d9fd98ec5c7ff46c400647868942b5e9ce354375214f9335094aa82df743c6ffb38cc64ee55a897a294698

Score
10/10

Malware Config

Targets

    • Target

      c2114030f9c5daed9908ef1f03b0e4cc.exe

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build (renamed sections, patched header).

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
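The "UPX packed file" signature above is a static check, and the "modified UPX" qualifier matters: forks often rename the UPX0/UPX1 sections so that a section-name check alone misses them. The following Python is an added example, not code from the report or from the sandbox that produced it: it parses the PE section table by hand and flags either the stock section names or the UPX! header marker. The section-name list and the fake-PE builder are assumptions for illustration; the builder constructs a minimal, non-runnable PE skeleton so the check can be exercised without the sample.

```python
import struct

# Section names written by stock UPX. Forks ("modified UPX") often rename
# them, which is why the "UPX!" marker is checked independently below.
# Assumed list for this example; extend it from your own samples.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX3", b".UPX0", b".UPX1", b".UPX2"}
UPX_MAGIC = b"UPX!"  # start of the UPX header that follows the section table


def pe_section_names(data: bytes) -> list:
    """Return the section names of a PE image, or [] if data is not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    # COFF header: Machine(2) NumberOfSections(2) TimeDateStamp(4)
    # PointerToSymbolTable(4) NumberOfSymbols(4) SizeOfOptionalHeader(2) Characteristics(2)
    n_sections, opt_size = struct.unpack_from("<H12xH", data, e_lfanew + 6)
    table = e_lfanew + 24 + opt_size
    names = []
    for i in range(n_sections):
        off = table + 40 * i          # IMAGE_SECTION_HEADER is 40 bytes, name first
        if off + 40 > len(data):
            break                     # truncated section table: stop, don't crash
        names.append(data[off:off + 8].rstrip(b"\0"))
    return names


def detect_upx(data: bytes) -> dict:
    """Static UPX check: section names plus the 'UPX!' marker. Either one is
    enough to flag, since a modified UPX may rename sections but keep the
    marker (or the reverse); both missing only means 'not detected'."""
    names = pe_section_names(data)
    upx_sections = [n for n in names if n in UPX_SECTION_NAMES]
    has_magic = UPX_MAGIC in data
    return {
        "section_names": names,
        "upx_sections": upx_sections,
        "upx_magic": has_magic,
        "packed": bool(upx_sections) or has_magic,
    }


def build_fake_pe(section_names, trailer: bytes = b"") -> bytes:
    """Constructed input: a minimal, non-runnable PE32 skeleton with the given
    section names, so the detector can be exercised without a real sample."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 0xE0                    # size of a PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    optional = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + optional + sections + trailer


if __name__ == "__main__":
    import sys
    # Pass a file path to check a real binary; otherwise run on the constructed skeleton.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else \
        build_fake_pe([b"UPX0", b"UPX1", b".rsrc"], UPX_MAGIC)
    print(detect_upx(data))
```

A hit from either heuristic is a reason to unpack (or let the sandbox run it) before static analysis, not proof of malice on its own: packing is common in legitimate software, and a modified UPX that strips both the section names and the marker will pass this check.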
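The "Looks up external IP address via web service" signature is a network-behaviour check: the host being contacted is benign, so the detection is the combination of a known IP-echo service and the process that asks. The Python below is an added example of that detection logic run over sample log lines; it is not the sandbox's own rule. The host list is assumed for the example, and the log lines are constructed in an assumed "ts pid= image= host=" format (as a DNS or proxy log might be normalised to).

```python
import re

# Public IP-echo services seen in stealer traffic. This list is an assumption
# for the example, not taken from the report; extend it from your own telemetry.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "ipify.org", "icanhazip.com", "ip-api.com", "ipinfo.io",
    "checkip.amazonaws.com", "ifconfig.me", "api.ip.sb", "whatismyipaddress.com",
}

# Constructed sample log in an assumed "ts pid=.. image=.. host=.." format.
# Only the sample's own process contacts an IP-echo service here.
SAMPLE_LOG = """\
2020-12-28T10:15:02Z pid=4120 image=c2114030f9c5daed9908ef1f03b0e4cc.exe host=api.ip.sb
2020-12-28T10:15:02Z pid=4120 image=c2114030f9c5daed9908ef1f03b0e4cc.exe host=www.icanhazip.com
2020-12-28T10:15:03Z pid=772 image=svchost.exe host=ctldl.windowsupdate.com
2020-12-28T10:15:05Z pid=4120 image=c2114030f9c5daed9908ef1f03b0e4cc.exe host=example.com
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+pid=(?P<pid>\d+)\s+image=(?P<image>\S+)\s+host=(?P<host>\S+)"
)


def is_ip_lookup_host(host: str) -> bool:
    """True if host or any parent domain (excluding the bare TLD) is a known
    IP-echo service, so www.icanhazip.com matches icanhazip.com."""
    labels = host.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in IP_LOOKUP_HOSTS for i in range(len(labels) - 1))


def flag_ip_lookups(lines):
    """Return the parsed log records whose host is an IP-echo service.
    Lines that do not match the expected format are skipped, not raised on."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if m and is_ip_lookup_host(m.group("host")):
            hits.append(m.groupdict())
    return hits


def by_process(hits):
    """Group flagged hosts by image name, which is how a report attributes the signature."""
    grouped = {}
    for h in hits:
        grouped.setdefault(h["image"], []).append(h["host"])
    return grouped


if __name__ == "__main__":
    for image, hosts in by_process(flag_ip_lookups(SAMPLE_LOG.splitlines())).items():
        print(f"{image}: external IP lookup via {', '.join(hosts)}")
```

On its own this is low-fidelity, because updaters, VPN clients and admin tools query the same services; the value comes from correlating it with the other signatures on this page (a dropped, UPX-packed executable doing the lookup moments after it was written to disk), which is why the report attributes it to the target process rather than to the host contacted.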

MITRE ATT&CK Enterprise v6

Tasks