redline | e5346cb75cfe1aced53ead50429496b4fb1c6c3ba521a976bde66085b20fd64e | Triage

Sharing

General

Target

e5346cb75cfe1aced53ead50429496b4fb1c6c3ba521a976bde66085b20fd64e
Size

1.2MB
Sample

220514-eg1s2aeff7
MD5

b0b9470f03c04a398d11f9efdd6a8831
SHA1

7d64f130d1a2edac3390f60246042628201d369f
SHA256

e5346cb75cfe1aced53ead50429496b4fb1c6c3ba521a976bde66085b20fd64e
SHA512

fa5f5f4eec914ec2ce6f6f3a642ae29921b9135d8baced6dbc06128d1d6579fefa10b2603a6219422a440249a4a7c465363abc13d28f729368e2d33ba99f4128

Score

10^/10

redline paladin infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

Paladin

C2

193.150.103.38:40169

Attributes

auth_value
27544084559b144244d7ad7299642a4c

Targets

- Target
  
  e5346cb75cfe1aced53ead50429496b4fb1c6c3ba521a976bde66085b20fd64e
- Size
  
  1.2MB
- MD5
  
  b0b9470f03c04a398d11f9efdd6a8831
- SHA1
  
  7d64f130d1a2edac3390f60246042628201d369f
- SHA256
  
  e5346cb75cfe1aced53ead50429496b4fb1c6c3ba521a976bde66085b20fd64e
- SHA512
  
  fa5f5f4eec914ec2ce6f6f3a642ae29921b9135d8baced6dbc06128d1d6579fefa10b2603a6219422a440249a4a7c465363abc13d28f729368e2d33ba99f4128
Score

10^/10

redline paladin infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinepaladininfostealerspyware