redline | 80f5839ae606408071e372c1fa45cbe49e23ece1773c7fe73c981480ec80866c | Triage

Sharing

General

Target

80f5839ae606408071e372c1fa45cbe49e23ece1773c7fe73c981480ec80866c
Size

1.0MB
Sample

230911-pdfnssga99
MD5

d8f227caed37216185482445a493065c
SHA1

9106a5215ebc1eb07cf5c9394fe6de0fb0910dc0
SHA256

80f5839ae606408071e372c1fa45cbe49e23ece1773c7fe73c981480ec80866c
SHA512

36df3d7b0ccc3a4cc841f7827b32d06655e30d33e17ebb835f9d8ca296cb4feb7b091b8ae17e56675bd7da1d41858b0712b4c533781b5981455731e8e9512009
SSDEEP

24576:wlG6VugrdGAYlr41kIk3TDkkBLFOQYxANrDh:yugrdGAurikzPBpOQYxAFDh

Score

10^/10

redline amadey_api infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

amadey_api

C2

amadapi.tuktuk.ug:11290

Attributes

auth_value
a004bea47cf55a1c8841d46c3fe3e6f5

Targets

- Target
  
  80f5839ae606408071e372c1fa45cbe49e23ece1773c7fe73c981480ec80866c
- Size
  
  1.0MB
- MD5
  
  d8f227caed37216185482445a493065c
- SHA1
  
  9106a5215ebc1eb07cf5c9394fe6de0fb0910dc0
- SHA256
  
  80f5839ae606408071e372c1fa45cbe49e23ece1773c7fe73c981480ec80866c
- SHA512
  
  36df3d7b0ccc3a4cc841f7827b32d06655e30d33e17ebb835f9d8ca296cb4feb7b091b8ae17e56675bd7da1d41858b0712b4c533781b5981455731e8e9512009
- SSDEEP
  
  24576:wlG6VugrdGAYlr41kIk3TDkkBLFOQYxANrDh:yugrdGAurikzPBpOQYxAFDh
Score

10^/10

redline amadey_api infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redlineamadey_apiinfostealerspyware