redline | 19df4e374614e34672ee9392db0951517f0c9c3eddd18ea40baca57e2975d3c4 | Triage

Sharing

General

Target

19df4e374614e34672ee9392db0951517f0c9c3eddd18ea40baca57e2975d3c4
Size

307KB
Sample

230608-sw4ecshb8x
MD5

6ac51a8ddb7e214559838a7c44ef82b6
SHA1

ad07266e92f6e98b874a51e367b170b406b447d8
SHA256

19df4e374614e34672ee9392db0951517f0c9c3eddd18ea40baca57e2975d3c4
SHA512

e1a35213bfa11c858bbd083b3193ce633da464354043bb394a5320849af43a3192f90f49cce827668aed4efe69e10ae71e32ed481f34e67392d2e7ad33ce339f
SSDEEP

6144:8pSOyjtRVnybHwvTygXUNVS4MGh1aBFrvz1xcxcFtRv:8pWjtRxyR1aBFrvz1xcxiRv

Score

10^/10

redline sheron infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

sheron

C2

83.97.73.129:19068

Attributes

auth_value
2d067e7e2372227d3a03b335260112e9

Targets

- Target
  
  19df4e374614e34672ee9392db0951517f0c9c3eddd18ea40baca57e2975d3c4
- Size
  
  307KB
- MD5
  
  6ac51a8ddb7e214559838a7c44ef82b6
- SHA1
  
  ad07266e92f6e98b874a51e367b170b406b447d8
- SHA256
  
  19df4e374614e34672ee9392db0951517f0c9c3eddd18ea40baca57e2975d3c4
- SHA512
  
  e1a35213bfa11c858bbd083b3193ce633da464354043bb394a5320849af43a3192f90f49cce827668aed4efe69e10ae71e32ed481f34e67392d2e7ad33ce339f
- SSDEEP
  
  6144:8pSOyjtRVnybHwvTygXUNVS4MGh1aBFrvz1xcxcFtRv:8pWjtRxyR1aBFrvz1xcxiRv
Score

10^/10

redline sheron infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinesheroninfostealerspyware