General
- Target: bd34cd921386bdac0af42b543ae05deb91e026b525999015f98e6a16670ecaf2
- Size: 1.0MB
- Sample: 230911-haxdtaec39
- MD5: 72f087a242666e5bff96417f4efe5e0b
- SHA1: af674578a9e6e9f9107354f70804938766d0b452
- SHA256: bd34cd921386bdac0af42b543ae05deb91e026b525999015f98e6a16670ecaf2
- SHA512: b9ab15ceafd294b0bf2119512cd4eff989879b12d3602a6db331f4db2e31364a91fe52b3542be70f74ca471372a881315988f7594f0d7f66090eddea9cebaf1a
- SSDEEP: 24576:UlG6VugrdGAY1r41kIk3TDkkBLHrH0rDh:eugrdGAerikzPB3YDh
Static task: static1
Behavioral task: behavioral1
- Sample: bd34cd921386bdac0af42b543ae05deb91e026b525999015f98e6a16670ecaf2.exe
- Resource: win10v2004-20230831-en
Malware Config
Extracted: redline
- amadey_api: amadapi.tuktuk.ug:11290
- auth_value: a004bea47cf55a1c8841d46c3fe3e6f5
Targets
- Target: bd34cd921386bdac0af42b543ae05deb91e026b525999015f98e6a16670ecaf2
- Size: 1.0MB
- MD5: 72f087a242666e5bff96417f4efe5e0b
- SHA1: af674578a9e6e9f9107354f70804938766d0b452
- SHA256: bd34cd921386bdac0af42b543ae05deb91e026b525999015f98e6a16670ecaf2
- SHA512: b9ab15ceafd294b0bf2119512cd4eff989879b12d3602a6db331f4db2e31364a91fe52b3542be70f74ca471372a881315988f7594f0d7f66090eddea9cebaf1a
- SSDEEP: 24576:UlG6VugrdGAY1r41kIk3TDkkBLHrH0rDh:eugrdGAerikzPB3YDh
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext