redline | 1cb4deaed24ce61235be7f7e6d57ebb85e695f7e4534c7bcbfd7118370fabf00 | Triage

Sharing

General

Target

1cb4deaed24ce61235be7f7e6d57ebb85e695f7e4534c7bcbfd7118370fabf00
Size

282KB
Sample

230607-1z7j7age42
MD5

7cac213c7b7a5d02c7b68a5b6142b030
SHA1

8682c2c41dcf4a3293039b1f4f0e42e588c0aa45
SHA256

1cb4deaed24ce61235be7f7e6d57ebb85e695f7e4534c7bcbfd7118370fabf00
SHA512

b160062e6295e6a160f6404138d7c7729441977aaad51575304ee4de06675f087119329c85352dd1a048761debdaa12bc81a89c9466fba5e4f302e4f63c9a8b6
SSDEEP

6144:NQvoWvJLhccwvTygXUNVS4MGh1aBFrvz1xcxcWhXrt:NUjuyR1aBFrvz1xcxdXrt

Score

10^/10

redline sheron infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

sheron

C2

83.97.73.129:19068

Attributes

auth_value
2d067e7e2372227d3a03b335260112e9

Targets

- Target
  
  1cb4deaed24ce61235be7f7e6d57ebb85e695f7e4534c7bcbfd7118370fabf00
- Size
  
  282KB
- MD5
  
  7cac213c7b7a5d02c7b68a5b6142b030
- SHA1
  
  8682c2c41dcf4a3293039b1f4f0e42e588c0aa45
- SHA256
  
  1cb4deaed24ce61235be7f7e6d57ebb85e695f7e4534c7bcbfd7118370fabf00
- SHA512
  
  b160062e6295e6a160f6404138d7c7729441977aaad51575304ee4de06675f087119329c85352dd1a048761debdaa12bc81a89c9466fba5e4f302e4f63c9a8b6
- SSDEEP
  
  6144:NQvoWvJLhccwvTygXUNVS4MGh1aBFrvz1xcxcWhXrt:NUjuyR1aBFrvz1xcxdXrt
Score

10^/10

redline sheron infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesheroninfostealerspyware