redline | 5ab9ec7c1d9f7e184270d1f0432274996f8238ccc837dd5a14123dc6f8f0c20a | Triage

Sharing

General

Target

5ab9ec7c1d9f7e184270d1f0432274996f8238ccc837dd5a14123dc6f8f0c20a
Size

308KB
Sample

230608-r42easgb55
MD5

fd0cfc18adb947afe38b93c9614db1bd
SHA1

1a8b2c1811ca231e2ce79b9c20425ff2de102928
SHA256

5ab9ec7c1d9f7e184270d1f0432274996f8238ccc837dd5a14123dc6f8f0c20a
SHA512

9490836923fb189e23e15b2e1adb6e058faccb4c6c80488164d125714419861958b2e3b550f59dc126433e61f053694a4fd084126ae4b2f9f28e14eb8fc7d231
SSDEEP

6144:/JieERFHLXwvTygXUNVS4MGh1aBFrvz1xcxcVt5PN:/JYR2yR1aBFrvz1xcxy5PN

Score

10^/10

redline sheron infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

sheron

C2

83.97.73.129:19068

Attributes

auth_value
2d067e7e2372227d3a03b335260112e9

Targets

- Target
  
  5ab9ec7c1d9f7e184270d1f0432274996f8238ccc837dd5a14123dc6f8f0c20a
- Size
  
  308KB
- MD5
  
  fd0cfc18adb947afe38b93c9614db1bd
- SHA1
  
  1a8b2c1811ca231e2ce79b9c20425ff2de102928
- SHA256
  
  5ab9ec7c1d9f7e184270d1f0432274996f8238ccc837dd5a14123dc6f8f0c20a
- SHA512
  
  9490836923fb189e23e15b2e1adb6e058faccb4c6c80488164d125714419861958b2e3b550f59dc126433e61f053694a4fd084126ae4b2f9f28e14eb8fc7d231
- SSDEEP
  
  6144:/JieERFHLXwvTygXUNVS4MGh1aBFrvz1xcxcVt5PN:/JYR2yR1aBFrvz1xcxy5PN
Score

10^/10

redline sheron infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinesheroninfostealerspyware