redline | febc2ea9ad4f6f9f96ba8dc3484b1679119f3a2930c8829b777cc8a04bce5350 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

febc2ea9ad4f6f9f96ba8dc3484b1679119f3a2930c8829b777cc8a04bce5350
Size

282KB
Sample

230608-dk2ztsbc85
MD5

82fe27e30f716f429fc7c507733a3a90
SHA1

75f20326d3fef2625c762e8ba784f2a036c947a5
SHA256

febc2ea9ad4f6f9f96ba8dc3484b1679119f3a2930c8829b777cc8a04bce5350
SHA512

344ac6c1ea33ce75a0ab009b350ec87d09de4d97c9baa1a4a33c4498b9dc760755e9edb0a01c36fee6c50898b2046176dd0c15ba74cd019f64084b1a5d495328
SSDEEP

6144:lQvoWvJwPfPwvTygXUNVS4MGh1aBFrvz1xcxcWhartn:lUwMyR1aBFrvz1xcxdartn

Score

10^/10

redline sheron infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

sheron

C2

83.97.73.129:19068

Attributes

auth_value
2d067e7e2372227d3a03b335260112e9

Targets

- Target
  
  febc2ea9ad4f6f9f96ba8dc3484b1679119f3a2930c8829b777cc8a04bce5350
- Size
  
  282KB
- MD5
  
  82fe27e30f716f429fc7c507733a3a90
- SHA1
  
  75f20326d3fef2625c762e8ba784f2a036c947a5
- SHA256
  
  febc2ea9ad4f6f9f96ba8dc3484b1679119f3a2930c8829b777cc8a04bce5350
- SHA512
  
  344ac6c1ea33ce75a0ab009b350ec87d09de4d97c9baa1a4a33c4498b9dc760755e9edb0a01c36fee6c50898b2046176dd0c15ba74cd019f64084b1a5d495328
- SSDEEP
  
  6144:lQvoWvJwPfPwvTygXUNVS4MGh1aBFrvz1xcxcWhartn:lUwMyR1aBFrvz1xcxdartn
Score

10^/10

redline sheron infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesheroninfostealerspyware