General
-
Target
0c97cda54ee8d2ce153c244a17383c4c373a250e2fc77001be26ed0c3f25f72c
-
Size
1.0MB
-
Sample
230911-bqpkksda25
-
MD5
0c9046e9022958e4c4e322628dec52af
-
SHA1
2c4944d3190fbf6c092d9a96bba4affff1d12437
-
SHA256
0c97cda54ee8d2ce153c244a17383c4c373a250e2fc77001be26ed0c3f25f72c
-
SHA512
e21a4c46630dd94c8f4944010061bbf5bbf520ea8b37d682376cf6db6d413b2dc37b9506c579bd17dda5e6c8de81da2a4ec75a3ba4152579f964e675a3e60652
-
SSDEEP
24576:/lG6VugrdGAYV7AVkIk3TDcUprsYiRJCiJeo2EN+qYrDh:HugrdGA+7KkzXpniRJCiJeo2EN+qMDh
Malware Config
Extracted
redline
amadey_api
amadapi.tuktuk.ug:11290
-
auth_value
a004bea47cf55a1c8841d46c3fe3e6f5
Targets
-
-
Target
0c97cda54ee8d2ce153c244a17383c4c373a250e2fc77001be26ed0c3f25f72c
-
Size
1.0MB
-
MD5
0c9046e9022958e4c4e322628dec52af
-
SHA1
2c4944d3190fbf6c092d9a96bba4affff1d12437
-
SHA256
0c97cda54ee8d2ce153c244a17383c4c373a250e2fc77001be26ed0c3f25f72c
-
SHA512
e21a4c46630dd94c8f4944010061bbf5bbf520ea8b37d682376cf6db6d413b2dc37b9506c579bd17dda5e6c8de81da2a4ec75a3ba4152579f964e675a3e60652
-
SSDEEP
24576:/lG6VugrdGAYV7AVkIk3TDcUprsYiRJCiJeo2EN+qYrDh:HugrdGA+7KkzXpniRJCiJeo2EN+qMDh
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-