General

Target: d9aa83dfa562a3e660a28db8ae8404f28ac0e3b182cc894d75532602e2be8fe5
Size: 1.0MB
Sample: 230911-b1laxada78
MD5: 8d04f970616b804bc69746386aa88b74
SHA1: fd04687d06facd7afb0d003009ccacf4692c3619
SHA256: d9aa83dfa562a3e660a28db8ae8404f28ac0e3b182cc894d75532602e2be8fe5
SHA512: 1b98c7f764c5f3bcc0fb1058965693a659e87c30c7a0af970e8004d31aacb93a76d8fd7c29e0cefac7ed835aad5aa8f23cec58e0d41c9a00a6f2091c9cddf341
SSDEEP: 24576:1lG6VugrdGAYlr41kIk3TDkkBLwCp6V1rDh:tugrdGAurikzPBMCp6VtDh
Static task: static1
Behavioral task: behavioral1
Sample: d9aa83dfa562a3e660a28db8ae8404f28ac0e3b182cc894d75532602e2be8fe5.exe
Resource: win10-20230831-en
Malware Config

Extracted: redline
amadey_api: amadapi.tuktuk.ug:11290
auth_value: a004bea47cf55a1c8841d46c3fe3e6f5
Targets

Target: d9aa83dfa562a3e660a28db8ae8404f28ac0e3b182cc894d75532602e2be8fe5
Size: 1.0MB
MD5: 8d04f970616b804bc69746386aa88b74
SHA1: fd04687d06facd7afb0d003009ccacf4692c3619
SHA256: d9aa83dfa562a3e660a28db8ae8404f28ac0e3b182cc894d75532602e2be8fe5
SHA512: 1b98c7f764c5f3bcc0fb1058965693a659e87c30c7a0af970e8004d31aacb93a76d8fd7c29e0cefac7ed835aad5aa8f23cec58e0d41c9a00a6f2091c9cddf341
SSDEEP: 24576:1lG6VugrdGAYlr41kIk3TDkkBLwCp6V1rDh:tugrdGAurikzPBMCp6VtDh
Score: 10/10

Signatures:
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext