General
-
Target
5df81ed4749bce34af9ab90d6e52e3795caf70890bfe206567d5e001e67b2315
-
Size
1.0MB
-
Sample
230911-l2c12afb51
-
MD5
143c8a53c4aa1115c0b8952b50d727e2
-
SHA1
8b86d8c35e599656f607fac4e70f53a41e7e7bec
-
SHA256
5df81ed4749bce34af9ab90d6e52e3795caf70890bfe206567d5e001e67b2315
-
SHA512
3c6acab6a56e88ecf14eae8bcab507d27496f9ffe35a9ac875553dda9c72e6f77399cc9c225f7cedf3ad72f612d38900a0110ff5238242f07aaef8708d0e8689
-
SSDEEP
24576:2lG6VugrdGAY1r41kIk3TDkkBLtbz7sjlfRWTH1krDh:wugrdGAerikzPB1UjlKGDh
Malware Config
Extracted
redline
amadey_api
amadapi.tuktuk.ug:11290
-
auth_value
a004bea47cf55a1c8841d46c3fe3e6f5
Targets
-
-
Target
5df81ed4749bce34af9ab90d6e52e3795caf70890bfe206567d5e001e67b2315
-
Size
1.0MB
-
MD5
143c8a53c4aa1115c0b8952b50d727e2
-
SHA1
8b86d8c35e599656f607fac4e70f53a41e7e7bec
-
SHA256
5df81ed4749bce34af9ab90d6e52e3795caf70890bfe206567d5e001e67b2315
-
SHA512
3c6acab6a56e88ecf14eae8bcab507d27496f9ffe35a9ac875553dda9c72e6f77399cc9c225f7cedf3ad72f612d38900a0110ff5238242f07aaef8708d0e8689
-
SSDEEP
24576:2lG6VugrdGAY1r41kIk3TDkkBLtbz7sjlfRWTH1krDh:wugrdGAerikzPB1UjlKGDh
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-