redline | fadd889369e83e7872dca59f4e3b115ac2d3f02e8a63ff9704ea64fff9a6e47c | Triage

Sharing

General

Target

fadd889369e83e7872dca59f4e3b115ac2d3f02e8a63ff9704ea64fff9a6e47c
Size

308KB
Sample

230608-shbgesha6z
MD5

9483517b340ee98d2753b8abb5f3317f
SHA1

f808f815132d4206f1b472a78a0d0ede61d8a914
SHA256

fadd889369e83e7872dca59f4e3b115ac2d3f02e8a63ff9704ea64fff9a6e47c
SHA512

a9e067bd3fd1937ca63c3db6703b958bcf77dcb7a75f27ce66805ca59a1732bf7c3034581c98d95c30116f5a730867bceadd13e5e6043c82b411ee232065ba66
SSDEEP

6144:qJieERFHqXwvTygXUNVS4MGh1aBFrvz1xcxcVtiP:qJYR7yR1aBFrvz1xcxyiP

Score

10^/10

redline sheron infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

sheron

C2

83.97.73.129:19068

Attributes

auth_value
2d067e7e2372227d3a03b335260112e9

Targets

- Target
  
  fadd889369e83e7872dca59f4e3b115ac2d3f02e8a63ff9704ea64fff9a6e47c
- Size
  
  308KB
- MD5
  
  9483517b340ee98d2753b8abb5f3317f
- SHA1
  
  f808f815132d4206f1b472a78a0d0ede61d8a914
- SHA256
  
  fadd889369e83e7872dca59f4e3b115ac2d3f02e8a63ff9704ea64fff9a6e47c
- SHA512
  
  a9e067bd3fd1937ca63c3db6703b958bcf77dcb7a75f27ce66805ca59a1732bf7c3034581c98d95c30116f5a730867bceadd13e5e6043c82b411ee232065ba66
- SSDEEP
  
  6144:qJieERFHqXwvTygXUNVS4MGh1aBFrvz1xcxcVtiP:qJYR7yR1aBFrvz1xcxyiP
Score

10^/10

redline sheron infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinesheroninfostealerspyware