General

Target: REPACKS PASS (884488).zip
Size: 5.8MB
Sample: 220822-lsrstseahn
MD5: 200cff3b9403824103cfd56bdcfb90bc
SHA1: 2cb94c03237296e4a4952d44bd78c4f489dedcfe
SHA256: a77f38a217972a2b148f5ecf75c7a07e5ab6daa61bdc6e11e031931b6ae6c110
SHA512: 92e7364ae8d6669a9990d541fef4abc72ba2aaaf5f36fe0032904298571858ff9ad136cfe01e1a1c449d5da6133434ccaef2df8bc8c34f03ed9c75eba1206f5d
SSDEEP: 98304:5mxr+J8sL6Z+AqIbPRIRXSx9+FngmUCzUieCV/HAUWkGtwq3449fcj:5o+J8sxILN9+CNi1VHGp4yf2
Static task: static1

Behavioral task: behavioral1
Sample: REPACKS PASS (884488)/setup.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: REPACKS PASS (884488)/setup.exe
Resource: win10v2004-20220812-en
Malware Config

Extracted family: redline
C2: 185.148.39.219:47029
auth_value: 030514cd8489ae5e380e5ab4739f521f
Targets

Target: REPACKS PASS (884488)/setup.exe
Size: 661.6MB
MD5: 20a29c4cdb0e4f561146f8a8b23a0c75
SHA1: b8a3c3b85ff7286e3eca2f8435695f4f31f02a22
SHA256: ff9617310db9af9e3c9e5bd9c87b0ffc06c8661a53bca645657b551fdc92f0f5
SHA512: 5b77be04a40dc140abbc287ce95c3597bf14ccf91923668d72b1c790e34d1c3e3edf49acfa9ca85d565bb49f85f1ad4e7397199195aff952cd858388024868ba
SSDEEP: 98304:dv5bQ78+LmfAogOrH3YHtuxr+ZXCWQODmUugVrRugus0JIgRW/qq9y6j:ddQ78+BODXr+snUTVh0PW/
Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Executes dropped EXE

Possible privilege escalation attempt

Stops running service(s)

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.

Loads dropped DLL

Modifies file permissions

Adds Run key to start application

Legitimate hosting services abused for malware hosting/C2

Drops file in System32 directory

Suspicious use of SetThreadContext