General
Target: d543b9735c540cc6703db59e7cdc901b.bin
Size: 868KB
Sample: 231011-jcnecsbh22
MD5: ef16a4fe3085f80f6df2ef27f3aaa370
SHA1: c28675aec5fbe9e4824f735d15a74f53cdf88aac
SHA256: b60e6acb1683e8b9b7d8eaf9bd41f0028c9de2aff3bf330c1b73c0735050fd7a
SHA512: 46bedd25e3e6c25e1a8379c3a087de862f38eb7089eb4f774d2b953b503d1ab68c034a1434c4031f82e12e7b88bc5c02840584ef4404ef3c26435d2de776f924
SSDEEP: 24576:N2opWo49eKGq5x6R2KjXf9LIjaR+BN1F43P9:spxkbf9LIj97FEP9
Static task: static1

Behavioral task: behavioral1
Sample: f0efdb440af65c3ccc31797a2725ec5762ca1dd7918c77211cf23f88b70513eb.exe
Resource: win7-20230831-en

Behavioral task: behavioral2
Sample: f0efdb440af65c3ccc31797a2725ec5762ca1dd7918c77211cf23f88b70513eb.exe
Resource: win10v2004-20230915-en
Malware Config
Extracted family: redline
Botnet: luate
C2: 77.91.124.55:19071
auth_value: e45cd419aba6c9d372088ffe5629308b
Targets
Target: f0efdb440af65c3ccc31797a2725ec5762ca1dd7918c77211cf23f88b70513eb.exe
Size: 912KB
MD5: d543b9735c540cc6703db59e7cdc901b
SHA1: afe133337f5a4e369a6ea0b1b343396877deb4ee
SHA256: f0efdb440af65c3ccc31797a2725ec5762ca1dd7918c77211cf23f88b70513eb
SHA512: 753e225c1cb2e201f1ce9e9dbcd872ff8973dd6f5e0b3cf29e9d7185c7faaebaae12fb573f182d57d0715432ec7c6d74eae872dbab9a5c01f0d989fc772335f0
SSDEEP: 24576:6y/N4VI3ja2E40UXN7eKmsqV1B7Aj5Pv:BVg0a3UXdeKm93B7Aj
Score: 10/10

Signatures
Detect Mystic stealer payload
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext