General
Target: 32ff8c1c31528718b32731d9f218686f5f4e480da107172cb8371339a9dc1626
Size: 1.0MB
Sample: 230911-ehg3badd6s
MD5: 2af62c93c481fd73c7d995d73fe373d7
SHA1: 42c3340e8f297fb60e10562ee0412b6bdab05dc2
SHA256: 32ff8c1c31528718b32731d9f218686f5f4e480da107172cb8371339a9dc1626
SHA512: 38a84ee30157098e867c40b82c7dc7c1d95d3b41e098955c0e7d93acf64e6b873b5c119b030c92f25d59589d07369e56b1ada06e0d03276ffdffebbca79f3ffa
SSDEEP: 24576:KlG6VugrdGAY1r41kIk3TDkkBLlgAxAhfrDh:sugrdGAerikzPBOjDh
Static task: static1
Behavioral task: behavioral1
Sample: 32ff8c1c31528718b32731d9f218686f5f4e480da107172cb8371339a9dc1626.exe
Resource: win10v2004-20230831-en
Malware Config
Extracted: redline
amadey_api: amadapi.tuktuk.ug:11290
auth_value: a004bea47cf55a1c8841d46c3fe3e6f5
Targets
Target: 32ff8c1c31528718b32731d9f218686f5f4e480da107172cb8371339a9dc1626
Size: 1.0MB
Score: 10/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext