redline | ff7574f9f1d15594e409bee206f5db6c76db7c90dda2ae4f241b77cd0c7b6bf6 | Triage

Submit
Reports

Overview

overview

Static

static

5d68e5dfd3...d9.exe

windows7_x64

5d68e5dfd3...d9.exe

windows10-2004_x64

Sharing

General

Target

5d68e5dfd3153e78217d2edb17fbbcd9.exe
Size

2.3MB
Sample

220512-hktexadehn
MD5

5d68e5dfd3153e78217d2edb17fbbcd9
SHA1

168344a2a19f3cd724f29c8177fa4f666b9c5478
SHA256

ff7574f9f1d15594e409bee206f5db6c76db7c90dda2ae4f241b77cd0c7b6bf6
SHA512

d30743bcea103c97cd9d21117c28dbfb6c186bb979741510e1cc05dedc925a387cf05844bde746c5e0bb5d46f54f596821a403eadb116087b5ab2ce06d63ca90

Score

10^/10

redline paladin discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

5d68e5dfd3153e78217d2edb17fbbcd9.exe

Resource

win7-20220414-en

redline paladin discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

5d68e5dfd3153e78217d2edb17fbbcd9.exe

Resource

win10v2004-20220414-en

redline paladin discovery infostealer spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

Paladin

C2

193.150.103.38:40169

Attributes

auth_value
27544084559b144244d7ad7299642a4c

Targets

- Target
  
  5d68e5dfd3153e78217d2edb17fbbcd9.exe
- Size
  
  2.3MB
- MD5
  
  5d68e5dfd3153e78217d2edb17fbbcd9
- SHA1
  
  168344a2a19f3cd724f29c8177fa4f666b9c5478
- SHA256
  
  ff7574f9f1d15594e409bee206f5db6c76db7c90dda2ae4f241b77cd0c7b6bf6
- SHA512
  
  d30743bcea103c97cd9d21117c28dbfb6c186bb979741510e1cc05dedc925a387cf05844bde746c5e0bb5d46f54f596821a403eadb116087b5ab2ce06d63ca90
Score

10^/10

redline paladin discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinepaladindiscoveryinfostealerspywarestealer

behavioral2

redlinepaladindiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy