redline | c459de17b3525fb568f30a675e6360d431e32ccebe821364c6d0d98e26805328 | Triage

Sharing

General

Target

c459de17b3525fb568f30a675e6360d431e32ccebe821364c6d0d98e26805328
Size

282KB
Sample

230608-bvma1sah3v
MD5

d9743989e3aa88589d34566655d595e1
SHA1

a35535168dda0e565b18cfdb6f1d8da79e63540c
SHA256

c459de17b3525fb568f30a675e6360d431e32ccebe821364c6d0d98e26805328
SHA512

8926471d1866a906f6557ce1663cf878a86ad45b39487358ae5e14a8a027ccd2f3dda80730da638760b1a6a7fe9de7d20b1b72d743a48752d98f4a8273af4938
SSDEEP

6144:BQvoWvJOM/twvTygXUNVS4MGh1aBFrvz1xcxcWh1rt:BUjyyR1aBFrvz1xcxd1rt

Score

10^/10

redline sheron infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

sheron

C2

83.97.73.129:19068

Attributes

auth_value
2d067e7e2372227d3a03b335260112e9

Targets

- Target
  
  c459de17b3525fb568f30a675e6360d431e32ccebe821364c6d0d98e26805328
- Size
  
  282KB
- MD5
  
  d9743989e3aa88589d34566655d595e1
- SHA1
  
  a35535168dda0e565b18cfdb6f1d8da79e63540c
- SHA256
  
  c459de17b3525fb568f30a675e6360d431e32ccebe821364c6d0d98e26805328
- SHA512
  
  8926471d1866a906f6557ce1663cf878a86ad45b39487358ae5e14a8a027ccd2f3dda80730da638760b1a6a7fe9de7d20b1b72d743a48752d98f4a8273af4938
- SSDEEP
  
  6144:BQvoWvJOM/twvTygXUNVS4MGh1aBFrvz1xcxcWh1rt:BUjyyR1aBFrvz1xcxd1rt
Score

10^/10

redline sheron infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesheroninfostealerspyware