Overview

overview

10

Static

static

3

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    385b36e908443fa763245485d45ccde11ceb8b67910c21be4a38cf7a5907c88a

  • Size

    1.0MB

  • Sample

    230911-er5vqsdf76

  • MD5

    0158c09b42e156274814fa4c2875354f

  • SHA1

    1c5275e5df3c85b93b09e2f56307461759aa269a

  • SHA256

    385b36e908443fa763245485d45ccde11ceb8b67910c21be4a38cf7a5907c88a

  • SHA512

    476df0c7bfd94bc4a133f60c5293c7bab10c6c2af6e46b97fdc403f987d00dcb8992f6a424d2d6975cec41d41661b55340f6730f3792b22e9a1822cc2968323b

  • SSDEEP

    24576:VlG6VugrdGAYlr41kIk3TDkkBLiyemrDh:NugrdGAurikzPBOGDh

Score
10/10
redlineamadey_apiinfostealerspyware

Malware Config

Extracted

Family

redline

Botnet

amadey_api

C2

amadapi.tuktuk.ug:11290

Attributes
  • auth_value

    a004bea47cf55a1c8841d46c3fe3e6f5

Targets

    • Target

      385b36e908443fa763245485d45ccde11ceb8b67910c21be4a38cf7a5907c88a

    • Size

      1.0MB

    • MD5

      0158c09b42e156274814fa4c2875354f

    • SHA1

      1c5275e5df3c85b93b09e2f56307461759aa269a

    • SHA256

      385b36e908443fa763245485d45ccde11ceb8b67910c21be4a38cf7a5907c88a

    • SHA512

      476df0c7bfd94bc4a133f60c5293c7bab10c6c2af6e46b97fdc403f987d00dcb8992f6a424d2d6975cec41d41661b55340f6730f3792b22e9a1822cc2968323b

    • SSDEEP

      24576:VlG6VugrdGAYlr41kIk3TDkkBLiyemrDh:NugrdGAurikzPBOGDh

    Score
    10/10
    redlineamadey_apiinfostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Uses the VBS compiler for execution

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scripting

1
T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

1
T1064

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks