redline | c88bf9ef89b1f578abb979b3f046573d8b4af897ba16a9b2b9402b2cc2a6180c | Triage

Sharing

General

Target

c88bf9ef89b1f578abb979b3f046573d8b4af897ba16a9b2b9402b2cc2a6180c
Size

309KB
Sample

230608-kmp7dadc79
MD5

adf8d2d070aa707d91a94c8c9f1d951b
SHA1

55b4aba7fc6ffcf05cc8ce89fc62622cdf5644e2
SHA256

c88bf9ef89b1f578abb979b3f046573d8b4af897ba16a9b2b9402b2cc2a6180c
SHA512

7ff320301e1de30c9ba9ef81d4275622b531a6db7b97bffb22d9df5c937262918eeb5c9edf46e07fd8b1e359764d2ffa222deed925aa7c87e12ca9ea197ff115
SSDEEP

6144:jD5k3As3xmy6FjIwvTygXUNVS4MGh1aBFrvz1xcxc750:jD2Uy+vyR1aBFrvz1xcxM0

Score

10^/10

redline sheron infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

sheron

C2

83.97.73.129:19068

Attributes

auth_value
2d067e7e2372227d3a03b335260112e9

Targets

- Target
  
  c88bf9ef89b1f578abb979b3f046573d8b4af897ba16a9b2b9402b2cc2a6180c
- Size
  
  309KB
- MD5
  
  adf8d2d070aa707d91a94c8c9f1d951b
- SHA1
  
  55b4aba7fc6ffcf05cc8ce89fc62622cdf5644e2
- SHA256
  
  c88bf9ef89b1f578abb979b3f046573d8b4af897ba16a9b2b9402b2cc2a6180c
- SHA512
  
  7ff320301e1de30c9ba9ef81d4275622b531a6db7b97bffb22d9df5c937262918eeb5c9edf46e07fd8b1e359764d2ffa222deed925aa7c87e12ca9ea197ff115
- SSDEEP
  
  6144:jD5k3As3xmy6FjIwvTygXUNVS4MGh1aBFrvz1xcxc750:jD2Uy+vyR1aBFrvz1xcxM0
Score

10^/10

redline sheron infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesheroninfostealerspyware