General
-
Target
a4018d3ce0a8c645b79bb35925bbffce577e240c0f9219419069d93a6dd1f915
-
Size
1.0MB
-
Sample
230911-b86a2sch5y
-
MD5
708d0433dcf3f9c90320cd4ded2a4f66
-
SHA1
d70c297576a73350c729c29b90ba4fc154f94dab
-
SHA256
a4018d3ce0a8c645b79bb35925bbffce577e240c0f9219419069d93a6dd1f915
-
SHA512
ca2eeedd6b7cf448530e4d8be43c1ae636d8e185f4e33ac24c39045f1494b48e0c2c0bbcdcec7b4e36ccb9f264fa0e7774119131021ec1e36e2b40fd4d1f65fe
-
SSDEEP
24576:AlG6VugrdGAYV7AVkIk3TDcUprMvaZg+b4444VSrDh:iugrdGA+7KkzXpwyZg+5iDh
Malware Config
Extracted
redline
amadey_api
amadapi.tuktuk.ug:11290
-
auth_value
a004bea47cf55a1c8841d46c3fe3e6f5
Targets
-
-
Target
a4018d3ce0a8c645b79bb35925bbffce577e240c0f9219419069d93a6dd1f915
-
Size
1.0MB
-
MD5
708d0433dcf3f9c90320cd4ded2a4f66
-
SHA1
d70c297576a73350c729c29b90ba4fc154f94dab
-
SHA256
a4018d3ce0a8c645b79bb35925bbffce577e240c0f9219419069d93a6dd1f915
-
SHA512
ca2eeedd6b7cf448530e4d8be43c1ae636d8e185f4e33ac24c39045f1494b48e0c2c0bbcdcec7b4e36ccb9f264fa0e7774119131021ec1e36e2b40fd4d1f65fe
-
SSDEEP
24576:AlG6VugrdGAYV7AVkIk3TDcUprMvaZg+b4444VSrDh:iugrdGA+7KkzXpwyZg+5iDh
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-