redline | 6745b8f274b82c9201fe7dbad15cbed6dadb66b3d438b12ad5367c38be652f61 | Triage

Sharing

General

Target

6745b8f274b82c9201fe7dbad15cbed6dadb66b3d438b12ad5367c38be652f61
Size

261KB
Sample

230607-r6yq7abh28
MD5

008eaa46e5591ecac724b25c936dda66
SHA1

3c4378f97fa38189b5d7e6d6bc276d5934326ef2
SHA256

6745b8f274b82c9201fe7dbad15cbed6dadb66b3d438b12ad5367c38be652f61
SHA512

3c117c189bad2586c06d03c8eff71e43d6c7f8e415374cd0baceac2fbd14231c7fc13390724932159910aaea19326874caa0747795aaa3e46b6754c26772bd08
SSDEEP

3072:1hg7I11vuJRyHFaQ7RQ05CTEezbClXv8r8+oFe6gobFHFzA+E+2yQHcj/:zgc11bFaQ7W05AEezbMPZFzAy2yA

Score

10^/10

redline sheron infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

sheron

C2

83.97.73.129:19068

Attributes

auth_value
2d067e7e2372227d3a03b335260112e9

Targets

- Target
  
  6745b8f274b82c9201fe7dbad15cbed6dadb66b3d438b12ad5367c38be652f61
- Size
  
  261KB
- MD5
  
  008eaa46e5591ecac724b25c936dda66
- SHA1
  
  3c4378f97fa38189b5d7e6d6bc276d5934326ef2
- SHA256
  
  6745b8f274b82c9201fe7dbad15cbed6dadb66b3d438b12ad5367c38be652f61
- SHA512
  
  3c117c189bad2586c06d03c8eff71e43d6c7f8e415374cd0baceac2fbd14231c7fc13390724932159910aaea19326874caa0747795aaa3e46b6754c26772bd08
- SSDEEP
  
  3072:1hg7I11vuJRyHFaQ7RQ05CTEezbClXv8r8+oFe6gobFHFzA+E+2yQHcj/:zgc11bFaQ7W05AEezbMPZFzAy2yA
Score

10^/10

redline sheron infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesheroninfostealerspyware