redline | a4d8c00d9a9b330b64909ee1138354de9197ba8580927f606f31924cd8a1e1ad | Triage

Sharing

General

Target

a4d8c00d9a9b330b64909ee1138354de9197ba8580927f606f31924cd8a1e1ad
Size

261KB
Sample

230607-svttjacb87
MD5

db20d2f7f225976a4e739d20d9dad826
SHA1

17126d407243ab31ef1617193ac832e29455bf03
SHA256

a4d8c00d9a9b330b64909ee1138354de9197ba8580927f606f31924cd8a1e1ad
SHA512

92b89109a449d0fe58c145e10ba94c713fd48aecf47f2f85983e08141ffe5d3874e8a994b06aeab662459b9e55a62feafe1addf2a9e0bcfda8eab6066f34117a
SSDEEP

3072:khg7I71MeSRyHFaQ7RQ05CTEezbClXv8r8+oFe6gobFHFzA+E+2yQHcj/:Mgo1lFaQ7W05AEezbMPZFzAy2yA

Score

10^/10

redline sheron infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

sheron

C2

83.97.73.129:19068

Attributes

auth_value
2d067e7e2372227d3a03b335260112e9

Targets

- Target
  
  a4d8c00d9a9b330b64909ee1138354de9197ba8580927f606f31924cd8a1e1ad
- Size
  
  261KB
- MD5
  
  db20d2f7f225976a4e739d20d9dad826
- SHA1
  
  17126d407243ab31ef1617193ac832e29455bf03
- SHA256
  
  a4d8c00d9a9b330b64909ee1138354de9197ba8580927f606f31924cd8a1e1ad
- SHA512
  
  92b89109a449d0fe58c145e10ba94c713fd48aecf47f2f85983e08141ffe5d3874e8a994b06aeab662459b9e55a62feafe1addf2a9e0bcfda8eab6066f34117a
- SSDEEP
  
  3072:khg7I71MeSRyHFaQ7RQ05CTEezbClXv8r8+oFe6gobFHFzA+E+2yQHcj/:Mgo1lFaQ7W05AEezbMPZFzAy2yA
Score

10^/10

redline sheron infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesheroninfostealerspyware