redline | 8c77ce454fb9e8bb47a9597ded84542fe0c3519f3c3a1dbad6ff177acc91fe3f | Triage

Sharing

General

Target

8c77ce454fb9e8bb47a9597ded84542fe0c3519f3c3a1dbad6ff177acc91fe3f
Size

309KB
Sample

230608-nyzrqsff8y
MD5

f7cec0d594614952d124c0824583237c
SHA1

8d06a23bfc1c0606622cf74487447e15e5708cfc
SHA256

8c77ce454fb9e8bb47a9597ded84542fe0c3519f3c3a1dbad6ff177acc91fe3f
SHA512

b586cf54dff531f80ccab34c984f5b825b9ea91b5239aeab44ae46d3b0a1c6bfb7bc59d88d5807d1d3c1f78339d979b2042d7a7fa42e2a20a9c3f97f8dbdb86a
SSDEEP

6144:UD5k3As3xWy6FjRwvTygXUNVS4MGh1aBFrvz1xcxc7I0:UD2kye+yR1aBFrvz1xcxF0

Score

10^/10

redline sheron infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

sheron

C2

83.97.73.129:19068

Attributes

auth_value
2d067e7e2372227d3a03b335260112e9

Targets

- Target
  
  8c77ce454fb9e8bb47a9597ded84542fe0c3519f3c3a1dbad6ff177acc91fe3f
- Size
  
  309KB
- MD5
  
  f7cec0d594614952d124c0824583237c
- SHA1
  
  8d06a23bfc1c0606622cf74487447e15e5708cfc
- SHA256
  
  8c77ce454fb9e8bb47a9597ded84542fe0c3519f3c3a1dbad6ff177acc91fe3f
- SHA512
  
  b586cf54dff531f80ccab34c984f5b825b9ea91b5239aeab44ae46d3b0a1c6bfb7bc59d88d5807d1d3c1f78339d979b2042d7a7fa42e2a20a9c3f97f8dbdb86a
- SSDEEP
  
  6144:UD5k3As3xWy6FjRwvTygXUNVS4MGh1aBFrvz1xcxc7I0:UD2kye+yR1aBFrvz1xcxF0
Score

10^/10

redline sheron infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesheroninfostealerspyware