redline | 9dc092fdfab11892e7e732bc89f84af4afa7d72ad1e0032d00ca2e42d6f51298 | Triage

Submit
Reports

Overview

overview

Static

static

cf0b9e22bb...ac.exe

windows7_x64

cf0b9e22bb...ac.exe

windows10_x64

Sharing

General

Target

cf0b9e22bb46f92f60f0d81a6004aaac.exe
Size

363KB
Sample

211026-yeemkaabh6
MD5

cf0b9e22bb46f92f60f0d81a6004aaac
SHA1

f28f278e0dd0a35b83c279548b48790104dafde8
SHA256

9dc092fdfab11892e7e732bc89f84af4afa7d72ad1e0032d00ca2e42d6f51298
SHA512

0e8437e10c4ba36b6a1cc831a215c73b308627270bc260fc01eb5636fa1168bbe7903a14adc681e6642072f080d7a3b4900241e85b8fb80447c971ebdd5cb56a

Score

10^/10

redline paladin discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

cf0b9e22bb46f92f60f0d81a6004aaac.exe

Resource

win7-en-20211014

redline paladin discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

cf0b9e22bb46f92f60f0d81a6004aaac.exe

Resource

win10-en-20210920

redline paladin discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

paladin

C2

193.150.103.37:29118

Targets

- Target
  
  cf0b9e22bb46f92f60f0d81a6004aaac.exe
- Size
  
  363KB
- MD5
  
  cf0b9e22bb46f92f60f0d81a6004aaac
- SHA1
  
  f28f278e0dd0a35b83c279548b48790104dafde8
- SHA256
  
  9dc092fdfab11892e7e732bc89f84af4afa7d72ad1e0032d00ca2e42d6f51298
- SHA512
  
  0e8437e10c4ba36b6a1cc831a215c73b308627270bc260fc01eb5636fa1168bbe7903a14adc681e6642072f080d7a3b4900241e85b8fb80447c971ebdd5cb56a
Score

10^/10

redline paladin discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinepaladindiscoveryinfostealerspywarestealer

behavioral2

redlinepaladindiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy