redline | a4ce12e77bebe6a23a64c424a9ec53ae064a7df9fe120551a256800627eab267 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a4ce12e77bebe6a23a64c424a9ec53ae064a7df9fe120551a256800627eab267
Size

282KB
Sample

230608-eaks8scb7x
MD5

cbdd8574472d4d135a4f8a343281f346
SHA1

1850890c89b7cced512d3cd38da2cc25182d3ac5
SHA256

a4ce12e77bebe6a23a64c424a9ec53ae064a7df9fe120551a256800627eab267
SHA512

c9b8b132b00536a99904ccd8b5102f86d00fd0c1010dde10bf5a9c9b08a247ebfa762196429e49981459d017ba3844b52d0a7102cac505cde97d81b20cd3597a
SSDEEP

6144:/QvoWvJ+T43+wvTygXUNVS4MGh1aBFrvz1xcxcWhyrt:/U7FyR1aBFrvz1xcxdyrt

Score

10^/10

redline sheron infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

sheron

C2

83.97.73.129:19068

Attributes

auth_value
2d067e7e2372227d3a03b335260112e9

Targets

- Target
  
  a4ce12e77bebe6a23a64c424a9ec53ae064a7df9fe120551a256800627eab267
- Size
  
  282KB
- MD5
  
  cbdd8574472d4d135a4f8a343281f346
- SHA1
  
  1850890c89b7cced512d3cd38da2cc25182d3ac5
- SHA256
  
  a4ce12e77bebe6a23a64c424a9ec53ae064a7df9fe120551a256800627eab267
- SHA512
  
  c9b8b132b00536a99904ccd8b5102f86d00fd0c1010dde10bf5a9c9b08a247ebfa762196429e49981459d017ba3844b52d0a7102cac505cde97d81b20cd3597a
- SSDEEP
  
  6144:/QvoWvJ+T43+wvTygXUNVS4MGh1aBFrvz1xcxcWhyrt:/U7FyR1aBFrvz1xcxdyrt
Score

10^/10

redline sheron infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesheroninfostealerspyware