redline | 4d18e618d6b610258394901cb085e1b6bf5bc486f481542516abfa6e6a280e74 | Triage

Sharing

General

Target

4d18e618d6b610258394901cb085e1b6bf5bc486f481542516abfa6e6a280e74
Size

282KB
Sample

230607-zy6qtsge41
MD5

781e4d0d06778fffcb8d064d35b73a21
SHA1

4c08f66bc69f54717ee1d0f8ea0253582460033d
SHA256

4d18e618d6b610258394901cb085e1b6bf5bc486f481542516abfa6e6a280e74
SHA512

d74e09a27a22085c915c73d411a38cde495c36614e2cacef22a6ade19081c386c19694847e80566e4d084117fee9841a9ab57173e294e448a53bfc46f4d5a2f0
SSDEEP

6144:oQvoWvJYvf4wvTygXUNVS4MGh1aBFrvz1xcxcWh2rt:oUQ3yR1aBFrvz1xcxd2rt

Score

10^/10

redline sheron infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

sheron

C2

83.97.73.129:19068

Attributes

auth_value
2d067e7e2372227d3a03b335260112e9

Targets

- Target
  
  4d18e618d6b610258394901cb085e1b6bf5bc486f481542516abfa6e6a280e74
- Size
  
  282KB
- MD5
  
  781e4d0d06778fffcb8d064d35b73a21
- SHA1
  
  4c08f66bc69f54717ee1d0f8ea0253582460033d
- SHA256
  
  4d18e618d6b610258394901cb085e1b6bf5bc486f481542516abfa6e6a280e74
- SHA512
  
  d74e09a27a22085c915c73d411a38cde495c36614e2cacef22a6ade19081c386c19694847e80566e4d084117fee9841a9ab57173e294e448a53bfc46f4d5a2f0
- SSDEEP
  
  6144:oQvoWvJYvf4wvTygXUNVS4MGh1aBFrvz1xcxcWh2rt:oUQ3yR1aBFrvz1xcxd2rt
Score

10^/10

redline sheron infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesheroninfostealerspyware