General
-
Target
c46b70b8a58a4ded2c02ae98f0a7600806505fc835d9562c3cac78bc3c7f96ed
-
Size
1.0MB
-
Sample
230911-lyvfxafb4s
-
MD5
c996f93e7209d36266e2c8938556d582
-
SHA1
e812797fb9714e414d73a9e0d80c84396bfac487
-
SHA256
c46b70b8a58a4ded2c02ae98f0a7600806505fc835d9562c3cac78bc3c7f96ed
-
SHA512
e25184ce0bd70151db43254f409591919e9ebf535685a3ca1793c9d36a78f0cb9d4fd51b148ec4b4604cc0b316d7c8c362c92ddf05ba27a11793a7e00f30949b
-
SSDEEP
24576:FlG6VugrdGAY1r41kIk3TDkkBLvOZrDh:dugrdGAerikzPB7OhDh
Static task
static1
Behavioral task
behavioral1
Sample
c46b70b8a58a4ded2c02ae98f0a7600806505fc835d9562c3cac78bc3c7f96ed.exe
Resource
win10-20230831-en
Malware Config
Extracted
redline
amadey_api
amadapi.tuktuk.ug:11290
-
auth_value
a004bea47cf55a1c8841d46c3fe3e6f5
Targets
-
-
Target
c46b70b8a58a4ded2c02ae98f0a7600806505fc835d9562c3cac78bc3c7f96ed
-
Size
1.0MB
-
MD5
c996f93e7209d36266e2c8938556d582
-
SHA1
e812797fb9714e414d73a9e0d80c84396bfac487
-
SHA256
c46b70b8a58a4ded2c02ae98f0a7600806505fc835d9562c3cac78bc3c7f96ed
-
SHA512
e25184ce0bd70151db43254f409591919e9ebf535685a3ca1793c9d36a78f0cb9d4fd51b148ec4b4604cc0b316d7c8c362c92ddf05ba27a11793a7e00f30949b
-
SSDEEP
24576:FlG6VugrdGAY1r41kIk3TDkkBLvOZrDh:dugrdGAerikzPB7OhDh
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-