redline | 9aea0f04f36639a108a3e58e9907915972d02e7e1995d99c04385c4bbe5810f2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9aea0f04f36639a108a3e58e9907915972d02e7e1995d99c04385c4bbe5810f2
Size

282KB
Sample

230608-fe4mkscg41
MD5

920c08f700d408cc15a1b0b4731a9564
SHA1

1bece646264b3ca9b13114983d1210f77b54e407
SHA256

9aea0f04f36639a108a3e58e9907915972d02e7e1995d99c04385c4bbe5810f2
SHA512

17d0d9e16b8e4b8b3e67b1b3c36fd0ed8eec0879c3f6d5851f6e9aa833ddf3368dfbdfa8cc66d7a3b4e16bb2d6ca95cd33c4079ea5ca8e7996ab13b908eaaf25
SSDEEP

6144:fQvoWvJOu0MJtwvTygXUNVS4MGh1aBFrvz1xcxcWh0rt:fUzQyR1aBFrvz1xcxd0rt

Score

10^/10

redline sheron infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

sheron

C2

83.97.73.129:19068

Attributes

auth_value
2d067e7e2372227d3a03b335260112e9

Targets

- Target
  
  9aea0f04f36639a108a3e58e9907915972d02e7e1995d99c04385c4bbe5810f2
- Size
  
  282KB
- MD5
  
  920c08f700d408cc15a1b0b4731a9564
- SHA1
  
  1bece646264b3ca9b13114983d1210f77b54e407
- SHA256
  
  9aea0f04f36639a108a3e58e9907915972d02e7e1995d99c04385c4bbe5810f2
- SHA512
  
  17d0d9e16b8e4b8b3e67b1b3c36fd0ed8eec0879c3f6d5851f6e9aa833ddf3368dfbdfa8cc66d7a3b4e16bb2d6ca95cd33c4079ea5ca8e7996ab13b908eaaf25
- SSDEEP
  
  6144:fQvoWvJOu0MJtwvTygXUNVS4MGh1aBFrvz1xcxcWh0rt:fUzQyR1aBFrvz1xcxd0rt
Score

10^/10

redline sheron infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesheroninfostealerspyware