General
Target: e231ea3632e21091bdc9e7bc503323e4.exe
Size: 2.3MB
Sample: 220416-gs6vjagac5
MD5: e231ea3632e21091bdc9e7bc503323e4
SHA1: 1ec542a90d01ede7dee22fc59211c829ee5199a2
SHA256: fea7374fe6529cc9701b756fc2763ba053ee3f3798b3b594cdb6147c5fde5b8a
SHA512: 7a747c994aced4ca1e1eab78ec4440f8a977e390424877b4759d5043cbba160b8cee30a5d44f30e8cd4f18cbe3f78c6a50df64ea6176b508ced0c8a9f9ff646c
Static task: static1
Behavioral task: behavioral1
Sample: e231ea3632e21091bdc9e7bc503323e4.exe
Resource: win7-20220414-en
Malware Config
Extracted family: redline
Botnet: paladin
C2: 193.150.103.38:80
auth_value: 87a8f0ab6301809ee2c83215939da2a6
Targets
Target: e231ea3632e21091bdc9e7bc503323e4.exe
Size: 2.3MB
MD5: e231ea3632e21091bdc9e7bc503323e4
SHA1: 1ec542a90d01ede7dee22fc59211c829ee5199a2
SHA256: fea7374fe6529cc9701b756fc2763ba053ee3f3798b3b594cdb6147c5fde5b8a
SHA512: 7a747c994aced4ca1e1eab78ec4440f8a977e390424877b4759d5043cbba160b8cee30a5d44f30e8cd4f18cbe3f78c6a50df64ea6176b508ced0c8a9f9ff646c
Signatures
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine Payload
Executes dropped EXE
Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
Loads dropped DLL
Accesses cryptocurrency files/wallets: possible credential harvesting.
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software installed on the system.