General

Target: 7709abf118d75eb40afcef4e41580d76fc370ca8ccc2457fd559c4a2a5c18a04
Size: 1.0MB
Sample: 230911-dtdctsdc5s
MD5: 632c1cd7b6368335b062a29ab3b30d45
SHA1: 0969cf0fe66f0b49ae85cdc9b125cf382a6960d2
SHA256: 7709abf118d75eb40afcef4e41580d76fc370ca8ccc2457fd559c4a2a5c18a04
SHA512: 7f6356f36cbaf9c8f7c90891c14d56810cd899c37b76da3315d948b0a2ea9d3f595b728f41a92dfbffdccebbcaa3c7b53f67f3bca839dbff327550100623d981
SSDEEP: 24576:qlG6VugrdGAY1r41kIk3TDkkBLl/IrDh:MugrdGAerikzPBB/8Dh
Static task: static1
Behavioral task: behavioral1
Sample: 7709abf118d75eb40afcef4e41580d76fc370ca8ccc2457fd559c4a2a5c18a04.exe
Resource: win10-20230703-en

Malware Config

Extracted: redline
amadey_api: amadapi.tuktuk.ug:11290
auth_value: a004bea47cf55a1c8841d46c3fe3e6f5
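The extracted configuration above is the part of this report a defender can act on immediately. The following is an added example, not part of the sandbox report: it turns the listed indicators (the amadey_api host:port, which is assumed here to be the C2 endpoint, the auth_value, and the sample hashes) into a small matcher run over constructed key=value log lines. The log format, the host names WS01..WS04, and the sibling host cdn.tuktuk.ug are hypothetical; only the indicators themselves come from the page.

```python
"""Match the indicators from the extracted RedLine config against host logs."""
import re
from dataclasses import dataclass, field

# Indicators copied from the report's "Malware Config" and "General" sections.
C2_HOST = "amadapi.tuktuk.ug"          # amadey_api host (assumed to be the C2 endpoint)
C2_PORT = 11290                        # amadey_api port
AUTH_VALUE = "a004bea47cf55a1c8841d46c3fe3e6f5"
SAMPLE_HASHES = {
    "md5": "632c1cd7b6368335b062a29ab3b30d45",
    "sha1": "0969cf0fe66f0b49ae85cdc9b125cf382a6960d2",
    "sha256": "7709abf118d75eb40afcef4e41580d76fc370ca8ccc2457fd559c4a2a5c18a04",
}

# Constructed log lines (hypothetical EDR/proxy export, not from the report).
SAMPLE_LOGS = [
    "ts=2023-09-11T10:02:14Z host=WS01 event=dns query=amadapi.tuktuk.ug rtype=A",
    "ts=2023-09-11T10:02:15Z host=WS01 event=conn proc=vbc.exe dst=amadapi.tuktuk.ug dport=11290 proto=tcp",
    "ts=2023-09-11T10:05:00Z host=WS02 event=conn proc=chrome.exe dst=www.example.com dport=443 proto=tcp",
    "ts=2023-09-11T10:07:41Z host=WS03 event=dns query=cdn.tuktuk.ug rtype=A",
    "ts=2023-09-11T10:09:02Z host=WS04 event=file sha256=7709abf118d75eb40afcef4e41580d76fc370ca8ccc2457fd559c4a2a5c18a04 path=C:\\Users\\u\\Downloads\\setup.exe",
]

KV_RE = re.compile(r"(\w+)=(\S+)")


@dataclass
class Hit:
    line_no: int
    severity: str      # "high", "medium" or "low"
    indicator: str     # which indicator fired
    fields: dict = field(default_factory=dict)


def parse_line(line):
    """Split a key=value log line into a dict (values never contain spaces)."""
    return dict(KV_RE.findall(line))


def parent_domain(host):
    """Crude registrable-domain approximation: the last two labels of the host."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def classify(fields):
    """Return (severity, indicator) for a parsed line, or None if nothing matched."""
    host = (fields.get("query") or fields.get("dst") or "").lower().rstrip(".")
    raw_port = fields.get("dport", "")
    port = int(raw_port) if raw_port.isdigit() else None

    # Exact sample hashes: strongest signal, independent of network context.
    for algo, digest in SAMPLE_HASHES.items():
        if fields.get(algo, "").lower() == digest:
            return ("high", f"{algo}={digest}")
    # The auth_value is a per-campaign token; seeing it in any field is a strong hit.
    if any(AUTH_VALUE in value.lower() for value in fields.values()):
        return ("high", "redline auth_value")
    # Exact C2 host, with or without the port (DNS lookups carry no port).
    if host == C2_HOST:
        if port == C2_PORT:
            return ("high", f"c2 {C2_HOST}:{C2_PORT}")
        return ("high", f"c2 host {C2_HOST}")
    # Other names under the same registrable domain are a pivot, not proof.
    if host and parent_domain(host) == parent_domain(C2_HOST):
        return ("medium", f"sibling of c2 domain {parent_domain(C2_HOST)}")
    # The port alone is weak: it is not reserved for this family.
    if port == C2_PORT:
        return ("low", f"c2 port {C2_PORT} to unlisted host")
    return None


def scan_logs(lines):
    """Run classify() over each line and collect the hits in log order."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        fields = parse_line(line)
        result = classify(fields)
        if result is not None:
            hits.append(Hit(line_no, result[0], result[1], fields))
    return hits


if __name__ == "__main__":
    for hit in scan_logs(SAMPLE_LOGS):
        print(f"line {hit.line_no}: {hit.severity:6} {hit.indicator}")
```

The severity tiers are the practitioner's caveat: the hashes and the auth_value identify this sample or campaign, the host name identifies the infrastructure, but the port by itself should only raise the priority of a connection that is already suspicious for another reason (for instance a compiler binary such as vbc.exe opening an outbound socket).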
Targets

Target: 7709abf118d75eb40afcef4e41580d76fc370ca8ccc2457fd559c4a2a5c18a04 (1.0MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext (an API sequence commonly seen when a payload is injected into another process, as in process hollowing)