General
Target: 359326954fd7c13b81e4287d6825deea9f9642d52e95d43c0c7f23925305a5a5
Size: 1.0MB
Sample: 230911-mlcwrsfe87
MD5: d7106fb9ea95dd1049752c9ae1d69988
SHA1: 00b286001d08359976ef57c2294530fceda3147c
SHA256: 359326954fd7c13b81e4287d6825deea9f9642d52e95d43c0c7f23925305a5a5
SHA512: 6bd37d22793c268b1dee32de83cda40f5cdf769c8e3ccc5b80c2fa9fbbad4f0817e0024163b97344c30f2fed145127f55d07ce4c6cd83a53b3302444b4ee8a1b
SSDEEP: 24576:/lG6VugrdGAY1r41kIk3TDkkBLtgrTmlngrDh:HugrdGAerikzPBJgrTmnUDh
Static task: static1
Behavioral task: behavioral1
Sample: 359326954fd7c13b81e4287d6825deea9f9642d52e95d43c0c7f23925305a5a5.exe
Resource: win10-20230703-en
Malware Config
Extracted: redline
amadey_api: amadapi.tuktuk.ug:11290
auth_value: a004bea47cf55a1c8841d46c3fe3e6f5
Targets
Target: 359326954fd7c13b81e4287d6825deea9f9642d52e95d43c0c7f23925305a5a5
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext