General

  • Target

    Umbrella36.5.exe

  • Size

    4.6MB

  • Sample

    211021-p8aq2aacg4

  • MD5

    ec04b75101fb19084dc84b466e96ff3b

  • SHA1

    f8724452d253486c8acd6c4e43d3f8e25c6aaea4

  • SHA256

    1df5e765a070d02080f3a8be3bcd756b20ea5dbb1f50c337b371145e41f05383

  • SHA512

    c76f717eb597306f310465b390b10ad0c166ca1beae4ca7c5603e42703b587ec63931c524753307ad6279585cf5eb193053eab5b789ec975844b6083cfcb0926

Malware Config

Extracted

Family

redline

Botnet

832304211

C2

94.26.248.120:63731

Targets

    • Target

      Umbrella36.5.exe

    • Size

      4.6MB

    • MD5

      ec04b75101fb19084dc84b466e96ff3b

    • SHA1

      f8724452d253486c8acd6c4e43d3f8e25c6aaea4

    • SHA256

      1df5e765a070d02080f3a8be3bcd756b20ea5dbb1f50c337b371145e41f05383

    • SHA512

      c76f717eb597306f310465b390b10ad0c166ca1beae4ca7c5603e42703b587ec63931c524753307ad6279585cf5eb193053eab5b789ec975844b6083cfcb0926

    • RedLine

      RedLine Stealer is an information stealer written in C#, first seen in early 2020 and sold as malware-as-a-service. It collects browser-saved credentials, cookies and autofill data, cryptocurrency wallet files and host details, and exfiltrates them to the C2 endpoint listed in the extracted config above (here 94.26.248.120:63731, botnet ID 832304211).

    • RedLine Payload

    • Suspicious use of NtCreateProcessExOtherParentProcess

      A process was created with an explicitly chosen parent other than the caller (parent PID spoofing), which hides the real lineage in process-tree views; correlate on creator thread/PID rather than on reported parent PID.

    • Suspicious use of SetThreadContext

      The thread context of another process was rewritten, the usual final step of process hollowing, in which the unpacked RedLine payload is mapped into a suspended host process before it is resumed.
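The following is an added triage helper, not part of the sandbox report, that turns the indicators above (file hashes, C2 ip:port, botnet ID) into offline checks a responder would actually run: hash a file and compare it to the sample, sweep a connection log for the C2 endpoint, and emit a Suricata rule. The connection-log lines and the file contents used below are constructed for illustration; only the hashes and the C2 endpoint come from the report.

```python
"""Offline triage checks built from the RedLine report indicators.

Added example; not the sandbox's own code. Indicator values are copied from
the report, everything else (log lines, test bytes) is constructed here.
"""
import hashlib
import re

# Indicators taken from the report above
SAMPLE_HASHES = {
    "md5": "ec04b75101fb19084dc84b466e96ff3b",
    "sha1": "f8724452d253486c8acd6c4e43d3f8e25c6aaea4",
    "sha256": "1df5e765a070d02080f3a8be3bcd756b20ea5dbb1f50c337b371145e41f05383",
}
C2_HOST = "94.26.248.120"
C2_PORT = 63731
BOTNET_ID = "832304211"


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of `data`, keyed like SAMPLE_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def matches_sample(data: bytes) -> bool:
    """True only if every digest of `data` equals the report's digests."""
    return hash_bytes(data) == SAMPLE_HASHES


# Constructed conn-log style lines: "ts src_ip src_port dst_ip dst_port proto".
# 203.0.113.0/24 is documentation space (RFC 5737), used here as benign traffic.
CONSTRUCTED_CONN_LOG = [
    "1634800001.123 10.0.0.5 49811 94.26.248.120 63731 tcp",
    "1634800002.456 10.0.0.5 49812 203.0.113.10 443 tcp",
    "1634800003.789 10.0.0.7 51022 94.26.248.120 63731 tcp",
    "1634800004.000 10.0.0.9 51100 94.26.248.120 443 tcp",   # C2 host, other port
    "garbage line that should be skipped",
]

CONN_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<sport>\d+)\s+"
    r"(?P<dst>\S+)\s+(?P<dport>\d+)\s+(?P<proto>\w+)$"
)


def find_c2_connections(lines, host=C2_HOST, port=C2_PORT):
    """Return connections to the C2 host.

    Each hit is a dict; `exact` is True when the destination port also matches
    the extracted config. Same-host/other-port hits are kept because RedLine
    operators rotate ports on the same server, so they still merit a look.
    """
    hits = []
    for line in lines:
        m = CONN_RE.match(line.strip())
        if not m or m["dst"] != host:
            continue
        dport = int(m["dport"])
        hits.append({"ts": m["ts"], "src": m["src"], "dport": dport,
                     "exact": dport == port})
    return hits


def suricata_rule(sid: int = 1000001) -> str:
    """Suricata rule alerting on outbound TCP to the extracted C2 endpoint."""
    return (
        f"alert tcp $HOME_NET any -> {C2_HOST} {C2_PORT} "
        f'(msg:"RedLine Stealer C2 (botnet {BOTNET_ID})"; '
        f"flow:to_server,established; reference:md5,{SAMPLE_HASHES['md5']}; "
        f"classtype:trojan-activity; sid:{sid}; rev:1;)"
    )


if __name__ == "__main__":
    print("constructed bytes match sample:", matches_sample(b"not the sample"))
    for hit in find_c2_connections(CONSTRUCTED_CONN_LOG):
        print(hit)
    print(suricata_rule())
```

Run it against a real file with `matches_sample(open(path, "rb").read())`; a single differing digest is treated as a non-match, which is the behaviour you want when one of the listed hashes has been transcribed wrongly.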
