redline | 8a7035557330400621e77da205d198e558e72fdfe1b9cf5c11537121b07f0a4e | Triage

Sharing

General

Target

8a7035557330400621e77da205d198e558e72fdfe1b9cf5c11537121b07f0a4e
Size

1.0MB
Sample

230911-hnkbeaeb2v
MD5

47f02cf55e29c813da319bc7a56db088
SHA1

738abaa224a983b1ee472eb49262da2317026fc7
SHA256

8a7035557330400621e77da205d198e558e72fdfe1b9cf5c11537121b07f0a4e
SHA512

d95c51fb9d1af5b15e8a4b59c3127a10d452287f7e8459cb7effd80681c71d51c4dc05eb1fbec56cd006e496a7352b80782194b799fc8349f090c2cb0db77a20
SSDEEP

24576:7lG6VugrdGAY1r41kIk3TDkkBLP7v9EfrDh:7ugrdGAerikzPBfv9eDh

Score

10^/10

redline amadey_api infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

amadey_api

C2

amadapi.tuktuk.ug:11290

Attributes

auth_value
a004bea47cf55a1c8841d46c3fe3e6f5

Targets

- Target
  
  8a7035557330400621e77da205d198e558e72fdfe1b9cf5c11537121b07f0a4e
- Size
  
  1.0MB
- MD5
  
  47f02cf55e29c813da319bc7a56db088
- SHA1
  
  738abaa224a983b1ee472eb49262da2317026fc7
- SHA256
  
  8a7035557330400621e77da205d198e558e72fdfe1b9cf5c11537121b07f0a4e
- SHA512
  
  d95c51fb9d1af5b15e8a4b59c3127a10d452287f7e8459cb7effd80681c71d51c4dc05eb1fbec56cd006e496a7352b80782194b799fc8349f090c2cb0db77a20
- SSDEEP
  
  24576:7lG6VugrdGAY1r41kIk3TDkkBLP7v9EfrDh:7ugrdGAerikzPBfv9eDh
Score

10^/10

redline amadey_api infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redlineamadey_apiinfostealerspyware