General
Target: e3755876e0345e1ac9868b55f5d5b9c8d9657dffbb0cb24906e7383838f3b9f9
Size: 1.0MB
Sample: 230911-mzv99sfd7y
MD5: 158a94b9df586a41405a4cab2fda599d
SHA1: 5e1434b6bb686d6e8a17fa42d0d24c929ccca0f2
SHA256: e3755876e0345e1ac9868b55f5d5b9c8d9657dffbb0cb24906e7383838f3b9f9
SHA512: e62ef0835a562dbdec3d69a7270c3b73cafe2f9f2fde929ffc709857a598eb7be682f8d98c68ac35d52e5d46b7ecb292ad6ab42fd7444523cf01f16200bb42ee
SSDEEP: 24576:wlG6VugrdGAYF7AVkIk3TDcUprdIvd7xFNpoUmrDh:yugrdGAO7KkzXp8d7xFNpPGDh
Static task: static1
Behavioral task: behavioral1
Sample: e3755876e0345e1ac9868b55f5d5b9c8d9657dffbb0cb24906e7383838f3b9f9.exe
Resource: win10-20230831-en
Malware Config
Extracted family: redline
amadey_api: amadapi.tuktuk.ug:11290
auth_value: a004bea47cf55a1c8841d46c3fe3e6f5
Targets
Target: e3755876e0345e1ac9868b55f5d5b9c8d9657dffbb0cb24906e7383838f3b9f9
Size: 1.0MB
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext