General
-
Target
Rust hack.exe
-
Size
5.0MB
-
Sample
220918-kw35laehcj
-
MD5
14b08cb6e4b93d7a76d178abf04ef48f
-
SHA1
3134cfae891cf52b536d528c16437bd09fe37b05
-
SHA256
f38e24c20038efc932ac5ba130678e7855e893a0aeac5ae4ce950f2631670d48
-
SHA512
f9858eac1546cd90f6565881b17f5638c9223d0a3300559170b82adec4bdf4b0ff8247eb5616dbfea4c845311d5600c72f32a3c6cb4ec1a2b7560e7d3a4ab8c2
-
SSDEEP
98304:J6MEwGvFQyL9mbIr+UKxgCD1VslkSRHpBI91TG0lVLRlz99NPlU/W:0JbQyL9mErlKxH+kcH880lJz99Rlf
Static task
static1
Behavioral task
behavioral1
Sample
Rust hack.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
redline
185.106.92.8:38644
-
auth_value
eee9f472fdc42c3c837934bac059c901
Targets
-
-
Target
Rust hack.exe
-
Size
5.0MB
-
MD5
14b08cb6e4b93d7a76d178abf04ef48f
-
SHA1
3134cfae891cf52b536d528c16437bd09fe37b05
-
SHA256
f38e24c20038efc932ac5ba130678e7855e893a0aeac5ae4ce950f2631670d48
-
SHA512
f9858eac1546cd90f6565881b17f5638c9223d0a3300559170b82adec4bdf4b0ff8247eb5616dbfea4c845311d5600c72f32a3c6cb4ec1a2b7560e7d3a4ab8c2
-
SSDEEP
98304:J6MEwGvFQyL9mbIr+UKxgCD1VslkSRHpBI91TG0lVLRlz99NPlU/W:0JbQyL9mErlKxH+kcH880lJz99Rlf
Score10/10-
Modifies security service
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Possible privilege escalation attempt
-
Stops running service(s)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Modifies file permissions
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-