General
Target: 80f5839ae606408071e372c1fa45cbe49e23ece1773c7fe73c981480ec80866c
Size: 1.0MB
Sample: 230911-pdfnssga99
MD5: d8f227caed37216185482445a493065c
SHA1: 9106a5215ebc1eb07cf5c9394fe6de0fb0910dc0
SHA256: 80f5839ae606408071e372c1fa45cbe49e23ece1773c7fe73c981480ec80866c
SHA512: 36df3d7b0ccc3a4cc841f7827b32d06655e30d33e17ebb835f9d8ca296cb4feb7b091b8ae17e56675bd7da1d41858b0712b4c533781b5981455731e8e9512009
SSDEEP: 24576:wlG6VugrdGAYlr41kIk3TDkkBLFOQYxANrDh:yugrdGAurikzPBpOQYxAFDh
Static task: static1
Behavioral task: behavioral1
Sample: 80f5839ae606408071e372c1fa45cbe49e23ece1773c7fe73c981480ec80866c.exe
Resource: win10v2004-20230831-en
Malware Config
Extracted: redline
amadey_api: amadapi.tuktuk.ug:11290
auth_value: a004bea47cf55a1c8841d46c3fe3e6f5
Targets
Target: 80f5839ae606408071e372c1fa45cbe49e23ece1773c7fe73c981480ec80866c
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext