redline | dbc42504ba92e1e16dd5b455f049fc3be8b11c92a1637a9733b186ee00ad5b90 | Triage

Sharing

General

Target

dbc42504ba92e1e16dd5b455f049fc3be8b11c92a1637a9733b186ee00ad5b90
Size

282KB
Sample

230608-dmsh6sbd27
MD5

860d496d086599d34eb06dcbc9dccf4f
SHA1

522ddd33a271a32043d592a031807c1065f7fc18
SHA256

dbc42504ba92e1e16dd5b455f049fc3be8b11c92a1637a9733b186ee00ad5b90
SHA512

948a781cc334f041a1efb205ce2376b6332d26af5331288c8798c25a618b967ce028645141fd3f27c8f742d44f92a29b03870e3c19d644a75116464833a10670
SSDEEP

6144:lQvoWvJwPfPwvTygXUNVS4MGh1aBFrvz1xcxcWhart:lUwMyR1aBFrvz1xcxdart

Score

10^/10

redline sheron infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

sheron

C2

83.97.73.129:19068

Attributes

auth_value
2d067e7e2372227d3a03b335260112e9

Targets

- Target
  
  dbc42504ba92e1e16dd5b455f049fc3be8b11c92a1637a9733b186ee00ad5b90
- Size
  
  282KB
- MD5
  
  860d496d086599d34eb06dcbc9dccf4f
- SHA1
  
  522ddd33a271a32043d592a031807c1065f7fc18
- SHA256
  
  dbc42504ba92e1e16dd5b455f049fc3be8b11c92a1637a9733b186ee00ad5b90
- SHA512
  
  948a781cc334f041a1efb205ce2376b6332d26af5331288c8798c25a618b967ce028645141fd3f27c8f742d44f92a29b03870e3c19d644a75116464833a10670
- SSDEEP
  
  6144:lQvoWvJwPfPwvTygXUNVS4MGh1aBFrvz1xcxcWhart:lUwMyR1aBFrvz1xcxdart
Score

10^/10

redline sheron infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesheroninfostealerspyware