General
-
Target
9a09524dbaa3c6008e1855ceaa855c0721bb427aeb7316b6c67efad47674f294
-
Size
1.0MB
-
Sample
230911-jtgyxaed8y
-
MD5
b487c473faa346afc43fde9cc3faf542
-
SHA1
0caaf122e3bda6c259de96f55a5ada99f7a0367c
-
SHA256
9a09524dbaa3c6008e1855ceaa855c0721bb427aeb7316b6c67efad47674f294
-
SHA512
d04a7216a2b29ea8390c9fb64dfe809a75346adc3effe235f4bacd8919672cadd288e0f29545ce7a7976bfb8bc1b32410ca1dbf06be4a84c58c0c9312cb61cc5
-
SSDEEP
24576:plG6VugrdGAY1r41kIk3TDkkBLF8X8cx1NrDh:ZugrdGAerikzPBZ8X8cx1FDh
Malware Config
Extracted
redline
amadey_api
amadapi.tuktuk.ug:11290
-
auth_value
a004bea47cf55a1c8841d46c3fe3e6f5
Targets
-
-
Target
9a09524dbaa3c6008e1855ceaa855c0721bb427aeb7316b6c67efad47674f294
-
Size
1.0MB
-
MD5
b487c473faa346afc43fde9cc3faf542
-
SHA1
0caaf122e3bda6c259de96f55a5ada99f7a0367c
-
SHA256
9a09524dbaa3c6008e1855ceaa855c0721bb427aeb7316b6c67efad47674f294
-
SHA512
d04a7216a2b29ea8390c9fb64dfe809a75346adc3effe235f4bacd8919672cadd288e0f29545ce7a7976bfb8bc1b32410ca1dbf06be4a84c58c0c9312cb61cc5
-
SSDEEP
24576:plG6VugrdGAY1r41kIk3TDkkBLF8X8cx1NrDh:ZugrdGAerikzPBZ8X8cx1FDh
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-