General
- Target: a1385fd741828c261356775c020f6bb10b2b8926069dbeedf53985d42707d8bf
- Size: 1.1MB
- Sample: 231011-jrc7yacd92
- MD5: 1df6580a995989ea0cb8d5c35ff737e2
- SHA1: ebbfb339b894138c10c542fcfabb4b26e21fae3b
- SHA256: a1385fd741828c261356775c020f6bb10b2b8926069dbeedf53985d42707d8bf
- SHA512: a488bb387610ec56b1716ecb7fd8d3d6f272617df9ea2325c43d620355ceed5514cea5cda18cf0e7023bde733493e23cf2f37a7f66fd0a0b85e56101c136bf48
- SSDEEP: 24576:8yCEH2Pui4A+s/ob83ocv8lP2CnRd/3ci53Vxlx:r72r4A+6s8YhP2GRd9VVn
Static task: static1

Behavioral task: behavioral1
- Sample: a1385fd741828c261356775c020f6bb10b2b8926069dbeedf53985d42707d8bf.exe
- Resource: win7-20230831-en

Behavioral task: behavioral2
- Sample: a1385fd741828c261356775c020f6bb10b2b8926069dbeedf53985d42707d8bf.exe
- Resource: win10v2004-20230915-en
Malware Config

Extracted: redline
- lunka
- 77.91.124.55:19071
- auth_value: 8284484633d18d383ea4ff83c0af43ca

Extracted: redline
- gruha
- 77.91.124.55:19071
- auth_value: 2f4cf2e668a540e64775b27535cc6892

Extracted: mystic
- http://5.42.92.211/loghub/master
Targets
- Target: a1385fd741828c261356775c020f6bb10b2b8926069dbeedf53985d42707d8bf
- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext