General
-
Target
7e603894f969e7ac1713f2dd2ebdc639bd7b89e391987103b4276661c4c644b0
-
Size
1.0MB
-
Sample
230911-cdme5adb55
-
MD5
f59dd8aff16960a066be520e88bb36cd
-
SHA1
a9912e0456e183f23e35bd779d91470ae3d1eed8
-
SHA256
7e603894f969e7ac1713f2dd2ebdc639bd7b89e391987103b4276661c4c644b0
-
SHA512
79ccb1b720d1a5186f9158c8b4a4495fd139b9b689853a4435b013618508d4270a2efeb6b10658e7cb4bf194dc2eb2740973b9a867cc39247b726ed73b787c3b
-
SSDEEP
24576:VlG6VugrdGAY1r41kIk3TDkkBL8GsoRc+oQyrrDh:NugrdGAerikzPBAGsoRc+oQyPDh
Malware Config
Extracted
redline
amadey_api
amadapi.tuktuk.ug:11290
-
auth_value
a004bea47cf55a1c8841d46c3fe3e6f5
Targets
-
-
Target
7e603894f969e7ac1713f2dd2ebdc639bd7b89e391987103b4276661c4c644b0
-
Size
1.0MB
-
MD5
f59dd8aff16960a066be520e88bb36cd
-
SHA1
a9912e0456e183f23e35bd779d91470ae3d1eed8
-
SHA256
7e603894f969e7ac1713f2dd2ebdc639bd7b89e391987103b4276661c4c644b0
-
SHA512
79ccb1b720d1a5186f9158c8b4a4495fd139b9b689853a4435b013618508d4270a2efeb6b10658e7cb4bf194dc2eb2740973b9a867cc39247b726ed73b787c3b
-
SSDEEP
24576:VlG6VugrdGAY1r41kIk3TDkkBL8GsoRc+oQyrrDh:NugrdGAerikzPBAGsoRc+oQyPDh
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-