General

Target: 5d68e5dfd3153e78217d2edb17fbbcd9.exe
Size: 2.3MB
Sample: 220512-hktexadehn
MD5: 5d68e5dfd3153e78217d2edb17fbbcd9
SHA1: 168344a2a19f3cd724f29c8177fa4f666b9c5478
SHA256: ff7574f9f1d15594e409bee206f5db6c76db7c90dda2ae4f241b77cd0c7b6bf6
SHA512: d30743bcea103c97cd9d21117c28dbfb6c186bb979741510e1cc05dedc925a387cf05844bde746c5e0bb5d46f54f596821a403eadb116087b5ab2ce06d63ca90
Static task: static1
Behavioral task: behavioral1
Sample: 5d68e5dfd3153e78217d2edb17fbbcd9.exe
Resource: win7-20220414-en

Malware Config

Extracted
redline
Paladin
193.150.103.38:40169
auth_value: 27544084559b144244d7ad7299642a4c
Targets

Target: 5d68e5dfd3153e78217d2edb17fbbcd9.exe
Size: 2.3MB
MD5: 5d68e5dfd3153e78217d2edb17fbbcd9
SHA1: 168344a2a19f3cd724f29c8177fa4f666b9c5478
SHA256: ff7574f9f1d15594e409bee206f5db6c76db7c90dda2ae4f241b77cd0c7b6bf6
SHA512: d30743bcea103c97cd9d21117c28dbfb6c186bb979741510e1cc05dedc925a387cf05844bde746c5e0bb5d46f54f596821a403eadb116087b5ab2ce06d63ca90

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Executes dropped EXE

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.

Loads dropped DLL

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.