redline | 68da1c21418be7c8a89e1e9cfcd9407a16d7b43870d0bc46476c7552646da6c2 | Triage

Sharing

General

Target

68da1c21418be7c8a89e1e9cfcd9407a16d7b43870d0bc46476c7552646da6c2
Size

308KB
Sample

230608-qkbh4agd2v
MD5

562c018d4402a1c611351165f50d8e09
SHA1

20e9330c7d8e79f9cf2b9e2e1d2fe522735e9779
SHA256

68da1c21418be7c8a89e1e9cfcd9407a16d7b43870d0bc46476c7552646da6c2
SHA512

a0d61d6a31d5363e3a73574c73540627f186d5f9587e202efe4f9b2484607cdf1324bb349951c819565083a02616b4c33e57d630fa147f5a9168c4628af9729c
SSDEEP

6144:pJie0RFHRXwvTygXUNVS4MGh1aBFrvz1xcxcVtyP:pJoRkyR1aBFrvz1xcxyyP

Score

10^/10

redline sheron infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

sheron

C2

83.97.73.129:19068

Attributes

auth_value
2d067e7e2372227d3a03b335260112e9

Targets

- Target
  
  68da1c21418be7c8a89e1e9cfcd9407a16d7b43870d0bc46476c7552646da6c2
- Size
  
  308KB
- MD5
  
  562c018d4402a1c611351165f50d8e09
- SHA1
  
  20e9330c7d8e79f9cf2b9e2e1d2fe522735e9779
- SHA256
  
  68da1c21418be7c8a89e1e9cfcd9407a16d7b43870d0bc46476c7552646da6c2
- SHA512
  
  a0d61d6a31d5363e3a73574c73540627f186d5f9587e202efe4f9b2484607cdf1324bb349951c819565083a02616b4c33e57d630fa147f5a9168c4628af9729c
- SSDEEP
  
  6144:pJie0RFHRXwvTygXUNVS4MGh1aBFrvz1xcxcVtyP:pJoRkyR1aBFrvz1xcxyyP
Score

10^/10

redline sheron infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesheroninfostealerspyware