redline | 1405a72f37165c06a62d0e62376844739cd09cd8731c9554feb2a5f634be5d01 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1405a72f37165c06a62d0e62376844739cd09cd8731c9554feb2a5f634be5d01
Size

282KB
Sample

230607-z9hs5sgf3z
MD5

04aab26a59c78bbf363f6def8120781e
SHA1

d705d9b6a7b92748743225c2f9d29763f8667ee8
SHA256

1405a72f37165c06a62d0e62376844739cd09cd8731c9554feb2a5f634be5d01
SHA512

2911a928b5f4ce040d4f29df7578fdb4ee40c58fad58c89a6266dc39945e4a40a2be609264ffff6e601668656aac2890e1ebfd7e6cd46ef1978e63704753fa3b
SSDEEP

6144:4QvoWvJVlCy8GwvTygXUNVS4MGh1aBFrvz1xcxcWh/rt:4UDl7gyR1aBFrvz1xcxd/rt

Score

10^/10

redline sheron infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

sheron

C2

83.97.73.129:19068

Attributes

auth_value
2d067e7e2372227d3a03b335260112e9

Targets

- Target
  
  1405a72f37165c06a62d0e62376844739cd09cd8731c9554feb2a5f634be5d01
- Size
  
  282KB
- MD5
  
  04aab26a59c78bbf363f6def8120781e
- SHA1
  
  d705d9b6a7b92748743225c2f9d29763f8667ee8
- SHA256
  
  1405a72f37165c06a62d0e62376844739cd09cd8731c9554feb2a5f634be5d01
- SHA512
  
  2911a928b5f4ce040d4f29df7578fdb4ee40c58fad58c89a6266dc39945e4a40a2be609264ffff6e601668656aac2890e1ebfd7e6cd46ef1978e63704753fa3b
- SSDEEP
  
  6144:4QvoWvJVlCy8GwvTygXUNVS4MGh1aBFrvz1xcxcWh/rt:4UDl7gyR1aBFrvz1xcxd/rt
Score

10^/10

redline sheron infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesheroninfostealerspyware