redline | e8a7f6449c25a02b0ebc11f60e40ad09ba5495e0a5beaf224b76c0a539af42b7 | Triage

Sharing

General

Target

e8a7f6449c25a02b0ebc11f60e40ad09ba5495e0a5beaf224b76c0a539af42b7
Size

309KB
Sample

230608-mvkyqsed78
MD5

89ea11ebb368cbe9415559d5d570fac5
SHA1

065bbf21bb04e84c8b2aab99a8838be903ea2f6f
SHA256

e8a7f6449c25a02b0ebc11f60e40ad09ba5495e0a5beaf224b76c0a539af42b7
SHA512

72cb2e488876a351b6eec194a96043109e501c36fa36dcd4c614d2718d77af7439d1e08ca0713ca768646a66b8d04d2d12d9b66f867314131e1dad4be889e59d
SSDEEP

6144:+D5k3As3xmy6FrewvTygXUNVS4MGh1aBFrvz1xcxc7w0:+D2Uyu1yR1aBFrvz1xcxF0

Score

10^/10

redline sheron infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

sheron

C2

83.97.73.129:19068

Attributes

auth_value
2d067e7e2372227d3a03b335260112e9

Targets

- Target
  
  e8a7f6449c25a02b0ebc11f60e40ad09ba5495e0a5beaf224b76c0a539af42b7
- Size
  
  309KB
- MD5
  
  89ea11ebb368cbe9415559d5d570fac5
- SHA1
  
  065bbf21bb04e84c8b2aab99a8838be903ea2f6f
- SHA256
  
  e8a7f6449c25a02b0ebc11f60e40ad09ba5495e0a5beaf224b76c0a539af42b7
- SHA512
  
  72cb2e488876a351b6eec194a96043109e501c36fa36dcd4c614d2718d77af7439d1e08ca0713ca768646a66b8d04d2d12d9b66f867314131e1dad4be889e59d
- SSDEEP
  
  6144:+D5k3As3xmy6FrewvTygXUNVS4MGh1aBFrvz1xcxc7w0:+D2Uyu1yR1aBFrvz1xcxF0
Score

10^/10

redline sheron infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesheroninfostealerspyware