redline | 67c2961e82a2c21432767614a664e86a59f0de0632c72cc93cf21df7cc2d99a2 | Triage

Sharing

General

Target

67c2961e82a2c21432767614a664e86a59f0de0632c72cc93cf21df7cc2d99a2
Size

282KB
Sample

230607-2xvy2sgh86
MD5

d2cc25c594d2c5c0b75eb60576dff355
SHA1

c5fba0df5a79e42be2fca4eeec5e215dca73dbbe
SHA256

67c2961e82a2c21432767614a664e86a59f0de0632c72cc93cf21df7cc2d99a2
SHA512

45f5d90f4de86f54e75b708eb7b9ec3f84d52c9e5ccee9011244a7614234355031c23afb16255cca5fa939212a825e07ee746f989700e46363a95e07ec8df88c
SSDEEP

6144:SQvoWvJj4fHwvTygXUNVS4MGh1aBFrvz1xcxcWh4rt:SUqEyR1aBFrvz1xcxd4rt

Score

10^/10

redline sheron infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

sheron

C2

83.97.73.129:19068

Attributes

auth_value
2d067e7e2372227d3a03b335260112e9

Targets

- Target
  
  67c2961e82a2c21432767614a664e86a59f0de0632c72cc93cf21df7cc2d99a2
- Size
  
  282KB
- MD5
  
  d2cc25c594d2c5c0b75eb60576dff355
- SHA1
  
  c5fba0df5a79e42be2fca4eeec5e215dca73dbbe
- SHA256
  
  67c2961e82a2c21432767614a664e86a59f0de0632c72cc93cf21df7cc2d99a2
- SHA512
  
  45f5d90f4de86f54e75b708eb7b9ec3f84d52c9e5ccee9011244a7614234355031c23afb16255cca5fa939212a825e07ee746f989700e46363a95e07ec8df88c
- SSDEEP
  
  6144:SQvoWvJj4fHwvTygXUNVS4MGh1aBFrvz1xcxcWh4rt:SUqEyR1aBFrvz1xcxd4rt
Score

10^/10

redline sheron infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesheroninfostealerspyware