redline | 24c9d6405357489d286866696e58a55a533315b25bede341d211133bddc22f3e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

24c9d6405357489d286866696e58a55a533315b25bede341d211133bddc22f3e
Size

261KB
Sample

230607-yfqffsfb45
MD5

953af3c20c55908b5a752524e6035b49
SHA1

bee8d2797d8c406499efb0460ec8bb7d19134874
SHA256

24c9d6405357489d286866696e58a55a533315b25bede341d211133bddc22f3e
SHA512

2636d76b1d2cc6b7dfb3ee67cec410827522ae79227e090c2ef9744505b46eab50b8ba422a41c22c86bc377bcafffd068218987d28a76a19b2b3533aa6f7b029
SSDEEP

3072:fhg7wH1TrZRyHFaQ7RQ05CTEezbClXv8r8+oFe6gobFHFzA+E+2yQHcj/:5g8H1GFaQ7W05AEezbMPZFzAy2yA

Score

10^/10

redline sheron infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

sheron

C2

83.97.73.129:19068

Attributes

auth_value
2d067e7e2372227d3a03b335260112e9

Targets

- Target
  
  24c9d6405357489d286866696e58a55a533315b25bede341d211133bddc22f3e
- Size
  
  261KB
- MD5
  
  953af3c20c55908b5a752524e6035b49
- SHA1
  
  bee8d2797d8c406499efb0460ec8bb7d19134874
- SHA256
  
  24c9d6405357489d286866696e58a55a533315b25bede341d211133bddc22f3e
- SHA512
  
  2636d76b1d2cc6b7dfb3ee67cec410827522ae79227e090c2ef9744505b46eab50b8ba422a41c22c86bc377bcafffd068218987d28a76a19b2b3533aa6f7b029
- SSDEEP
  
  3072:fhg7wH1TrZRyHFaQ7RQ05CTEezbClXv8r8+oFe6gobFHFzA+E+2yQHcj/:5g8H1GFaQ7W05AEezbMPZFzAy2yA
Score

10^/10

redline sheron infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesheroninfostealerspyware