General
Target: 8a7035557330400621e77da205d198e558e72fdfe1b9cf5c11537121b07f0a4e
Size: 1.0MB
Sample: 230911-hnkbeaeb2v
MD5: 47f02cf55e29c813da319bc7a56db088
SHA1: 738abaa224a983b1ee472eb49262da2317026fc7
SHA256: 8a7035557330400621e77da205d198e558e72fdfe1b9cf5c11537121b07f0a4e
SHA512: d95c51fb9d1af5b15e8a4b59c3127a10d452287f7e8459cb7effd80681c71d51c4dc05eb1fbec56cd006e496a7352b80782194b799fc8349f090c2cb0db77a20
SSDEEP: 24576:7lG6VugrdGAY1r41kIk3TDkkBLP7v9EfrDh:7ugrdGAerikzPBfv9eDh
Static task: static1
Behavioral task: behavioral1
Sample: 8a7035557330400621e77da205d198e558e72fdfe1b9cf5c11537121b07f0a4e.exe
Resource: win10v2004-20230831-en
Malware Config
Extracted family: redline
Botnet: amadey_api
C2: amadapi.tuktuk.ug:11290
auth_value: a004bea47cf55a1c8841d46c3fe3e6f5
Targets
Target: 8a7035557330400621e77da205d198e558e72fdfe1b9cf5c11537121b07f0a4e
Score: 10/10
Signatures:
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext