General
- Target: 619adc865df2bcc4841f6e53d6536adb1d64fee7f2b44bf8ea6a53a3b50e4272
- Size: 1.0MB
- Sample: 230911-d9zwrsdc9x
- MD5: bd39edcdfcf40646b2c792a52dde6843
- SHA1: f2c8416f494fb8fffd8a9349a42de8ca6ebffc5e
- SHA256: 619adc865df2bcc4841f6e53d6536adb1d64fee7f2b44bf8ea6a53a3b50e4272
- SHA512: 78b3ef0040957c34e6008421f47b16e640bc1c1396493e064fabb441f3a081b86307e2c49324e4f6f531f510115c681860d1e3a4f2aedcb78047fc0d8086680b
- SSDEEP: 24576:vlG6VugrdGAY1r41kIk3TDkkBLi+MU9vbrDh:XugrdGAerikzPBOu/Dh
Static task: static1
Behavioral task: behavioral1
- Sample: 619adc865df2bcc4841f6e53d6536adb1d64fee7f2b44bf8ea6a53a3b50e4272.exe
- Resource: win10-20230831-en
Malware Config
Extracted: redline
- amadey_api: amadapi.tuktuk.ug:11290
- auth_value: a004bea47cf55a1c8841d46c3fe3e6f5
Targets
- Target: 619adc865df2bcc4841f6e53d6536adb1d64fee7f2b44bf8ea6a53a3b50e4272
- Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext