redline | 3e82d8a31a597c82f8d64b62a3d01fe9df717334407dd4c7c3939a932c28f1d9 | Triage

Sharing

General

Target

3e82d8a31a597c82f8d64b62a3d01fe9df717334407dd4c7c3939a932c28f1d9
Size

282KB
Sample

230608-cebp1saf76
MD5

b2dd1322d30dddbffe3025630731afc8
SHA1

7bdac312a279a319a1b2808cef8d68948ae75f47
SHA256

3e82d8a31a597c82f8d64b62a3d01fe9df717334407dd4c7c3939a932c28f1d9
SHA512

012b55a2b641eacdcce68d00efd0e288305596f58af1be89d05f3b0159991ee5692479be486a8c2c3a80bec7160f6f0efeda5d259947d9c908ee4c6feada5aed
SSDEEP

6144:DQvoWvJE3mPwvTygXUNVS4MGh1aBFrvz1xcxcWhart:DUmVyR1aBFrvz1xcxdart

Score

10^/10

redline sheron infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

sheron

C2

83.97.73.129:19068

Attributes

auth_value
2d067e7e2372227d3a03b335260112e9

Targets

- Target
  
  3e82d8a31a597c82f8d64b62a3d01fe9df717334407dd4c7c3939a932c28f1d9
- Size
  
  282KB
- MD5
  
  b2dd1322d30dddbffe3025630731afc8
- SHA1
  
  7bdac312a279a319a1b2808cef8d68948ae75f47
- SHA256
  
  3e82d8a31a597c82f8d64b62a3d01fe9df717334407dd4c7c3939a932c28f1d9
- SHA512
  
  012b55a2b641eacdcce68d00efd0e288305596f58af1be89d05f3b0159991ee5692479be486a8c2c3a80bec7160f6f0efeda5d259947d9c908ee4c6feada5aed
- SSDEEP
  
  6144:DQvoWvJE3mPwvTygXUNVS4MGh1aBFrvz1xcxcWhart:DUmVyR1aBFrvz1xcxdart
Score

10^/10

redline sheron infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesheroninfostealerspyware