redline | f3320fd18c4c7ea7afac46a2fdd1401be9667edfd77b386d5b55149409711534 | Triage

Sharing

General

Target

f3320fd18c4c7ea7afac46a2fdd1401be9667edfd77b386d5b55149409711534
Size

308KB
Sample

230608-sjwtragd24
MD5

ea892617cb6cbff9906c4cecbd91f0e9
SHA1

394542752ce74eefc590f3190c44c6e13966d7a3
SHA256

f3320fd18c4c7ea7afac46a2fdd1401be9667edfd77b386d5b55149409711534
SHA512

fe77ad451e482cf1eda6e76623923bc230eb87cbd7148f2ee3c0b46e93b79c9c3eda1dc1a965f1d73024a4ebfc8ba82c9f6e11e59e18fa97057c2587bb1e6cb9
SSDEEP

6144:qJieERFHqXwvTygXUNVS4MGh1aBFrvz1xcxcVtiP:qJYR7yR1aBFrvz1xcxyiP

Score

10^/10

redline sheron infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

sheron

C2

83.97.73.129:19068

Attributes

auth_value
2d067e7e2372227d3a03b335260112e9

Targets

- Target
  
  f3320fd18c4c7ea7afac46a2fdd1401be9667edfd77b386d5b55149409711534
- Size
  
  308KB
- MD5
  
  ea892617cb6cbff9906c4cecbd91f0e9
- SHA1
  
  394542752ce74eefc590f3190c44c6e13966d7a3
- SHA256
  
  f3320fd18c4c7ea7afac46a2fdd1401be9667edfd77b386d5b55149409711534
- SHA512
  
  fe77ad451e482cf1eda6e76623923bc230eb87cbd7148f2ee3c0b46e93b79c9c3eda1dc1a965f1d73024a4ebfc8ba82c9f6e11e59e18fa97057c2587bb1e6cb9
- SSDEEP
  
  6144:qJieERFHqXwvTygXUNVS4MGh1aBFrvz1xcxcVtiP:qJYR7yR1aBFrvz1xcxyiP
Score

10^/10

redline sheron infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinesheroninfostealerspyware