redline

General

Target

4cebae64e0fb876ce9ac5c0bfc7c0bb8.exe
Size

409KB
Sample

220119-pabknshehp
MD5

4cebae64e0fb876ce9ac5c0bfc7c0bb8
SHA1

1c02db2ea5cec5ec367754713f3a50610607f59f
SHA256

854fafb9118a481083c420e6701ecee2b438700c267a3debfa7d75afb44eab8d
SHA512

ae7e8a189a344d8f2e9e706a4056fb604cb6585fd30855a9df36e61016222c6aad6ad4cd624f00e9261c286fef173833306e70e8bd8b7b9ee67101fa88add309

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

Pablicher

C2

185.215.113.10:39759

Targets

- Target
  
  4cebae64e0fb876ce9ac5c0bfc7c0bb8.exe
- Size
  
  409KB
- MD5
  
  4cebae64e0fb876ce9ac5c0bfc7c0bb8
- SHA1
  
  1c02db2ea5cec5ec367754713f3a50610607f59f
- SHA256
  
  854fafb9118a481083c420e6701ecee2b438700c267a3debfa7d75afb44eab8d
- SHA512
  
  ae7e8a189a344d8f2e9e706a4056fb604cb6585fd30855a9df36e61016222c6aad6ad4cd624f00e9261c286fef173833306e70e8bd8b7b9ee67101fa88add309
Score

10^/10

redline pablicher discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Suspicious use of NtCreateProcessExOtherParentProcess
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2

T1081

Discovery

Query Registry

3

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Data from Local System

2

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

RedLine Payload

Suspicious use of NtCreateProcessExOtherParentProcess

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

We care about your privacy.