General

  • Target

    0236d3993de861cf53b05ad370166a4a.exe

  • Size

    622KB

  • Sample

    210219-xhyzksp9sa

  • MD5

    0236d3993de861cf53b05ad370166a4a

  • SHA1

    142cc937909cc40ada97c2f044ffcf8012a6be00

  • SHA256

    7ba598295df994536137bc987b00344e609035b56a40c93354cde719cd4a2989

  • SHA512

    0e06bd80e647a814861c3694910892961d4688171ebcb76cbcee897f9a8eb1870ce7a88196c130b4870d0cd0c8d8810968505be556e74d52720fd491fa47f83d

Score
10/10

Malware Config

Targets

    • Target

      0236d3993de861cf53b05ad370166a4a.exe

    • Size

      622KB

    • MD5

      0236d3993de861cf53b05ad370166a4a

    • SHA1

      142cc937909cc40ada97c2f044ffcf8012a6be00

    • SHA256

      7ba598295df994536137bc987b00344e609035b56a40c93354cde719cd4a2989

    • SHA512

      0e06bd80e647a814861c3694910892961d4688171ebcb76cbcee897f9a8eb1870ce7a88196c130b4870d0cd0c8d8810968505be556e74d52720fd491fa47f83d

    Score
    10/10
    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix ATT&CK v6

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Command and Control

Web Service

1
T1102

Tasks