redline | 19534ffe077845759ef45aaeff4dd76ed9b436962740d0c94369ef8ce3ef378b | Triage

Sharing

General

Target

19534ffe077845759ef45aaeff4dd76ed9b436962740d0c94369ef8ce3ef378b
Size

282KB
Sample

230608-awkm5sac8s
MD5

3dfe0faff94a927433e02ae604b93f88
SHA1

0a6e25bcef4e9f50ff3675de24833e9fd3c278f7
SHA256

19534ffe077845759ef45aaeff4dd76ed9b436962740d0c94369ef8ce3ef378b
SHA512

94092bb226f6904d1c3c96330aa757d1e1e315ff98d8d65fd05045726f2f4d8150a0a6809768c54c4035c17177b050a946a97984cb295c94ce4b0f532f4dcad8
SSDEEP

6144:pQvoWvJTag5GwvTygXUNVS4MGh1aBFrvz1xcxcWhdrt:pUznyR1aBFrvz1xcxddrt

Score

10^/10

redline sheron infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

sheron

C2

83.97.73.129:19068

Attributes

auth_value
2d067e7e2372227d3a03b335260112e9

Targets

- Target
  
  19534ffe077845759ef45aaeff4dd76ed9b436962740d0c94369ef8ce3ef378b
- Size
  
  282KB
- MD5
  
  3dfe0faff94a927433e02ae604b93f88
- SHA1
  
  0a6e25bcef4e9f50ff3675de24833e9fd3c278f7
- SHA256
  
  19534ffe077845759ef45aaeff4dd76ed9b436962740d0c94369ef8ce3ef378b
- SHA512
  
  94092bb226f6904d1c3c96330aa757d1e1e315ff98d8d65fd05045726f2f4d8150a0a6809768c54c4035c17177b050a946a97984cb295c94ce4b0f532f4dcad8
- SSDEEP
  
  6144:pQvoWvJTag5GwvTygXUNVS4MGh1aBFrvz1xcxcWhdrt:pUznyR1aBFrvz1xcxddrt
Score

10^/10

redline sheron infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesheroninfostealerspyware