General
- Target: 9decc60453eafb9217db9d5ee5eee169e67c957fd9c452e1d45b9a42aa67cd3a
- Size: 2.5MB
- Sample: 220517-ss8jxagfam
- MD5: 2f1dfc83eb1cc80efead779c68054791
- SHA1: 14beea78488f5b3e8c2e8e2376713c01c86701a6
- SHA256: 9decc60453eafb9217db9d5ee5eee169e67c957fd9c452e1d45b9a42aa67cd3a
- SHA512: 2bb14a7a902ce318b853b3f402ca4cb8213c52125b5252dbd21f8bb19372da1b97b9310fb51b7b7aa18c060b1790f32f1e41c8ef5c4fb8746ec21aa80387a60b
Static task: static1
Malware Config
Extracted:
- redline
- Paladin
- 193.150.103.38:40169
- auth_value: 27544084559b144244d7ad7299642a4c
Targets
- Target: 9decc60453eafb9217db9d5ee5eee169e67c957fd9c452e1d45b9a42aa67cd3a
- Size: 2.5MB
- MD5: 2f1dfc83eb1cc80efead779c68054791
- SHA1: 14beea78488f5b3e8c2e8e2376713c01c86701a6
- SHA256: 9decc60453eafb9217db9d5ee5eee169e67c957fd9c452e1d45b9a42aa67cd3a
- SHA512: 2bb14a7a902ce318b853b3f402ca4cb8213c52125b5252dbd21f8bb19372da1b97b9310fb51b7b7aa18c060b1790f32f1e41c8ef5c4fb8746ec21aa80387a60b
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.