General
Target: 9faf613347482545509807caf67318b0373b42bf1be3d17ba232671289bc797d
Size: 1.0MB
Sample: 230911-j56fmseg65
MD5: fdd7cc37dd8c3aab1c9029ceb85ca17c
SHA1: c8e12dd54ddf4861005bc5be9b9c46f604b514c2
SHA256: 9faf613347482545509807caf67318b0373b42bf1be3d17ba232671289bc797d
SHA512: 2aaf630866a60bdf11961d12a1e7f7788ccca8f58dbb62cb1c4aca45848db9fcc9035f280e64c17ff8e09459f35557ebd6a556310577133cefa340ce0333977f
SSDEEP: 12288:JH2tbW8hlG6conugrdGASloMtdZBA2KkAi72a88PJIk33jPLcOYtCprIusBLhbNk:clG6VugrdGAYV7AVkIk3TDcUprkrDh
Static task: static1
Behavioral task: behavioral1
Sample: 9faf613347482545509807caf67318b0373b42bf1be3d17ba232671289bc797d.exe
Resource: win10-20230703-en
Malware Config
Extracted: redline
amadey_api: amadapi.tuktuk.ug:11290
auth_value: a004bea47cf55a1c8841d46c3fe3e6f5
Targets
Target: 9faf613347482545509807caf67318b0373b42bf1be3d17ba232671289bc797d
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext