General
Target: da30aab96830cc5acf90a4729a748840a8e5a953b880e5a7693dd0c3e6a0fc04
Size: 1.0MB
Sample: 230911-kxavfaeg5s
MD5: a0bd4d438e424977ada2746d782b7644
SHA1: 4689a568f3d26441cc68717a0da7a49a34f96665
SHA256: da30aab96830cc5acf90a4729a748840a8e5a953b880e5a7693dd0c3e6a0fc04
SHA512: 74a68cddd8a8504ec120169b950f39e945ab1b688562e692f7b92302472911ee03a9deccc55c12df2c452ea8ff38d6164316b7e1fc61a004b64fc5d88baefcc3
SSDEEP: 24576:clG6VugrdGAYF7AVkIk3TDcUprN5bHWvrDh:GugrdGAO7KkzXpR5biDh
Static task: static1
Behavioral task: behavioral1
Sample: da30aab96830cc5acf90a4729a748840a8e5a953b880e5a7693dd0c3e6a0fc04.exe
Resource: win10v2004-20230831-en

Malware Config
Extracted: redline
amadey_api: amadapi.tuktuk.ug:11290
auth_value: a004bea47cf55a1c8841d46c3fe3e6f5
Targets
Target: da30aab96830cc5acf90a4729a748840a8e5a953b880e5a7693dd0c3e6a0fc04
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext