redline | ab78d4d5eda866548e7d554c8c6d0e10a504ef9804c2c61cff70b0ecf6ea73f8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ab78d4d5eda866548e7d554c8c6d0e10a504ef9804c2c61cff70b0ecf6ea73f8
Size

261KB
Sample

230607-w1s1zaeg3y
MD5

73a73ac4afb547b48237ac2bcafcb009
SHA1

98bbfd3fb58f7b13a6c971c587c3dbe1dc473c95
SHA256

ab78d4d5eda866548e7d554c8c6d0e10a504ef9804c2c61cff70b0ecf6ea73f8
SHA512

6d7a9428eee54dd6aa4ffe79899c1b9639c8a243e614bdbb37d9cf9bfa70f7271db7cf1220538a5b78fc75f6efb89e082a8602a7a0723c103a8f3fedeb0b7191
SSDEEP

3072:uhg781Br9RyHFaQ7RQ05CTEezbClXv8r8+oFe6gobFHFzA+E+2yQHcj/:qgQ14FaQ7W05AEezbMPZFzAy2yA

Score

10^/10

redline sheron infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

sheron

C2

83.97.73.129:19068

Attributes

auth_value
2d067e7e2372227d3a03b335260112e9

Targets

- Target
  
  ab78d4d5eda866548e7d554c8c6d0e10a504ef9804c2c61cff70b0ecf6ea73f8
- Size
  
  261KB
- MD5
  
  73a73ac4afb547b48237ac2bcafcb009
- SHA1
  
  98bbfd3fb58f7b13a6c971c587c3dbe1dc473c95
- SHA256
  
  ab78d4d5eda866548e7d554c8c6d0e10a504ef9804c2c61cff70b0ecf6ea73f8
- SHA512
  
  6d7a9428eee54dd6aa4ffe79899c1b9639c8a243e614bdbb37d9cf9bfa70f7271db7cf1220538a5b78fc75f6efb89e082a8602a7a0723c103a8f3fedeb0b7191
- SSDEEP
  
  3072:uhg781Br9RyHFaQ7RQ05CTEezbClXv8r8+oFe6gobFHFzA+E+2yQHcj/:qgQ14FaQ7W05AEezbMPZFzAy2yA
Score

10^/10

redline sheron infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesheroninfostealerspyware