redline | 76e01d2f8a20a8432520b025490c1ea97390a5240b6daeb15d16fbacc45bc25f | Triage

Sharing

General

Target

76e01d2f8a20a8432520b025490c1ea97390a5240b6daeb15d16fbacc45bc25f
Size

262KB
Sample

230607-peeg5aab79
MD5

8b1d34f7d6de5101cb9cd045e3c159db
SHA1

775fc99b9fa8ac8ac3254f6d3c08012c4a25b38b
SHA256

76e01d2f8a20a8432520b025490c1ea97390a5240b6daeb15d16fbacc45bc25f
SHA512

3d899aaa36a705986e158342ca68458a5f411c869d7097ec9664f89d572973baf04662380855b13fa7a23b8cff3b8cc6b984a1aa600e8a8f5e7cb583d06a2105
SSDEEP

3072:tx/Q2F17ZieyqyXFaQ7RQ05CTEezbClXv8r8+oFe6gobFHFzA+E+2SUHcj/:j/Q417srFaQ7W05AEezbMPZFzAy2Sc

Score

10^/10

redline sheron infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

sheron

C2

83.97.73.129:19068

Attributes

auth_value
2d067e7e2372227d3a03b335260112e9

Targets

- Target
  
  76e01d2f8a20a8432520b025490c1ea97390a5240b6daeb15d16fbacc45bc25f
- Size
  
  262KB
- MD5
  
  8b1d34f7d6de5101cb9cd045e3c159db
- SHA1
  
  775fc99b9fa8ac8ac3254f6d3c08012c4a25b38b
- SHA256
  
  76e01d2f8a20a8432520b025490c1ea97390a5240b6daeb15d16fbacc45bc25f
- SHA512
  
  3d899aaa36a705986e158342ca68458a5f411c869d7097ec9664f89d572973baf04662380855b13fa7a23b8cff3b8cc6b984a1aa600e8a8f5e7cb583d06a2105
- SSDEEP
  
  3072:tx/Q2F17ZieyqyXFaQ7RQ05CTEezbClXv8r8+oFe6gobFHFzA+E+2SUHcj/:j/Q417srFaQ7W05AEezbMPZFzAy2Sc
Score

10^/10

redline sheron infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesheroninfostealerspyware