redline | f38e24c20038efc932ac5ba130678e7855e893a0aeac5ae4ce950f2631670d48 | Triage

Submit
Reports

Overview

overview

Static

static

Rust hack.exe

windows10-2004-x64

Sharing

General

Target

Rust hack.exe
Size

5.0MB
Sample

220918-kw35laehcj
MD5

14b08cb6e4b93d7a76d178abf04ef48f
SHA1

3134cfae891cf52b536d528c16437bd09fe37b05
SHA256

f38e24c20038efc932ac5ba130678e7855e893a0aeac5ae4ce950f2631670d48
SHA512

f9858eac1546cd90f6565881b17f5638c9223d0a3300559170b82adec4bdf4b0ff8247eb5616dbfea4c845311d5600c72f32a3c6cb4ec1a2b7560e7d3a4ab8c2
SSDEEP

98304:J6MEwGvFQyL9mbIr+UKxgCD1VslkSRHpBI91TG0lVLRlz99NPlU/W:0JbQyL9mErlKxH+kcH880lJz99Rlf

Score

10^/10

redline discovery evasion exploit infostealer

Static task

static1

Behavioral task

behavioral1

Sample

Rust hack.exe

Resource

win10v2004-20220812-en

redline discovery evasion exploit infostealer

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

redline

C2

185.106.92.8:38644

Attributes

auth_value
eee9f472fdc42c3c837934bac059c901

Targets

- Target
  
  Rust hack.exe
- Size
  
  5.0MB
- MD5
  
  14b08cb6e4b93d7a76d178abf04ef48f
- SHA1
  
  3134cfae891cf52b536d528c16437bd09fe37b05
- SHA256
  
  f38e24c20038efc932ac5ba130678e7855e893a0aeac5ae4ce950f2631670d48
- SHA512
  
  f9858eac1546cd90f6565881b17f5638c9223d0a3300559170b82adec4bdf4b0ff8247eb5616dbfea4c845311d5600c72f32a3c6cb4ec1a2b7560e7d3a4ab8c2
- SSDEEP
  
  98304:J6MEwGvFQyL9mbIr+UKxgCD1VslkSRHpBI91TG0lVLRlz99NPlU/W:0JbQyL9mErlKxH+kcH880lJz99Rlf
Score

10^/10

redline discovery evasion exploit infostealer
- Modifies security service
  evasion
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Possible privilege escalation attempt
  exploit
- Stops running service(s)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Modifies file permissions
  discovery
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Impair Defenses

File Permissions Modification

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

Tasks

static1

behavioral1

redlinediscoveryevasionexploitinfostealer

© 2018-2024

Terms | Privacy