General
-
Target
https://github.com/Nemox/Paladins-Internal-Esp-Aimbot-Hack-Cheat-Hack
-
Sample
221104-2a7dkadedk
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://github.com/Nemox/Paladins-Internal-Esp-Aimbot-Hack-Cheat-Hack
Resource
win10v2004-20220812-en
Malware Config
Extracted
asyncrat
0.5.7B
SecurityHealthSeurvice
217.64.31.3:8437
SecurityHealthSeurvice
-
delay
3
-
install
false
-
install_file
SecurityHealthSeurvice.exe
-
install_folder
%AppData%
Extracted
redline
dEFENDER
20.19.164.86:22616
Extracted
asyncrat
0.5.7B
FileManager
20.107.115.162:50239
FileManager
-
delay
3
-
install
false
-
install_file
FileManager
-
install_folder
%AppData%
Targets
-
-
Target
https://github.com/Nemox/Paladins-Internal-Esp-Aimbot-Hack-Cheat-Hack
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Async RAT payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-