Umbrella36.5.exe

General
Target

Umbrella36.5.exe

Size

4MB

Sample

211021-p8aq2aacg4

Score
10 /10
MD5

ec04b75101fb19084dc84b466e96ff3b

SHA1

f8724452d253486c8acd6c4e43d3f8e25c6aaea4

SHA256

1df5e765a070d02080f3a8be3bcd756b20ea5dbb1f50c337b371145e41f05383

SHA512

c76f717eb597306f310465b390b10ad0c166ca1beae4ca7c5603e42703b587ec63931c524753307ad6279585cf5eb193053eab5b789ec975844b6083cfcb0926

Malware Config

Extracted

Family redline
Botnet 832304211
C2

94.26.248.120:63731

Targets
Target

Umbrella36.5.exe

MD5

ec04b75101fb19084dc84b466e96ff3b

Filesize

4MB

Score
10/10
SHA1

f8724452d253486c8acd6c4e43d3f8e25c6aaea4

SHA256

1df5e765a070d02080f3a8be3bcd756b20ea5dbb1f50c337b371145e41f05383

SHA512

c76f717eb597306f310465b390b10ad0c166ca1beae4ca7c5603e42703b587ec63931c524753307ad6279585cf5eb193053eab5b789ec975844b6083cfcb0926

Tags

Signatures

  • RedLine

    Description

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    Tags

  • RedLine Payload

  • Suspicious use of NtCreateProcessExOtherParentProcess

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Discovery
            Execution
              Exfiltration
                Impact
                  Initial Access
                    Lateral Movement
                      Persistence
                        Privilege Escalation
                          Tasks

                          static1

                          behavioral1

                          10/10