redline | 9decc60453eafb9217db9d5ee5eee169e67c957fd9c452e1d45b9a42aa67cd3a | Triage

Submit
Reports

Overview

overview

Static

static

2f1dfc83eb...91.exe

windows7_x64

2f1dfc83eb...91.exe

windows10-2004_x64

Sharing

General

Target

2f1dfc83eb1cc80efead779c68054791
Size

2.5MB
Sample

220517-spk97sgeeq
MD5

2f1dfc83eb1cc80efead779c68054791
SHA1

14beea78488f5b3e8c2e8e2376713c01c86701a6
SHA256

9decc60453eafb9217db9d5ee5eee169e67c957fd9c452e1d45b9a42aa67cd3a
SHA512

2bb14a7a902ce318b853b3f402ca4cb8213c52125b5252dbd21f8bb19372da1b97b9310fb51b7b7aa18c060b1790f32f1e41c8ef5c4fb8746ec21aa80387a60b

Score

10^/10

redline paladin discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

2f1dfc83eb1cc80efead779c68054791.exe

Resource

win7-20220414-en

redline paladin discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

2f1dfc83eb1cc80efead779c68054791.exe

Resource

win10v2004-20220414-en

redline paladin discovery infostealer spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

Paladin

C2

193.150.103.38:40169

Attributes

auth_value
27544084559b144244d7ad7299642a4c

Targets

- Target
  
  2f1dfc83eb1cc80efead779c68054791
- Size
  
  2.5MB
- MD5
  
  2f1dfc83eb1cc80efead779c68054791
- SHA1
  
  14beea78488f5b3e8c2e8e2376713c01c86701a6
- SHA256
  
  9decc60453eafb9217db9d5ee5eee169e67c957fd9c452e1d45b9a42aa67cd3a
- SHA512
  
  2bb14a7a902ce318b853b3f402ca4cb8213c52125b5252dbd21f8bb19372da1b97b9310fb51b7b7aa18c060b1790f32f1e41c8ef5c4fb8746ec21aa80387a60b
Score

10^/10

redline paladin discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinepaladindiscoveryinfostealerspywarestealer

behavioral2

redlinepaladindiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy