General
-
Target
4b2b83f77c6d81f60d963a3d35562930e3631bc83c02f5b66faf0f12484b6eac
-
Size
908KB
-
Sample
231011-mqmlrsbc46
-
MD5
939f12f6f0ef949958e6835b42998c67
-
SHA1
0f87bda2f9f0ecf6bd0dde9fefe7ed865a747388
-
SHA256
4b2b83f77c6d81f60d963a3d35562930e3631bc83c02f5b66faf0f12484b6eac
-
SHA512
1ab6f2979aa977fc871b076d78d35948cfec1e2e6c3fe4cab62ebdfe9bf4818a79308c912906135c58d5a85f5ad7969509b40353ba3f4f499c36ede301939591
-
SSDEEP
24576:syqXpmgNgmulSfDNjrpbWcyLHrEGuglXrarYf:bqXpmgNmlSffWcyAGn4k
Static task
static1
Behavioral task
behavioral1
Sample
4b2b83f77c6d81f60d963a3d35562930e3631bc83c02f5b66faf0f12484b6eac.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
4b2b83f77c6d81f60d963a3d35562930e3631bc83c02f5b66faf0f12484b6eac.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
redline
luate
77.91.124.55:19071
-
auth_value
e45cd419aba6c9d372088ffe5629308b
Targets
-
-
Target
4b2b83f77c6d81f60d963a3d35562930e3631bc83c02f5b66faf0f12484b6eac
-
Size
908KB
-
MD5
939f12f6f0ef949958e6835b42998c67
-
SHA1
0f87bda2f9f0ecf6bd0dde9fefe7ed865a747388
-
SHA256
4b2b83f77c6d81f60d963a3d35562930e3631bc83c02f5b66faf0f12484b6eac
-
SHA512
1ab6f2979aa977fc871b076d78d35948cfec1e2e6c3fe4cab62ebdfe9bf4818a79308c912906135c58d5a85f5ad7969509b40353ba3f4f499c36ede301939591
-
SSDEEP
24576:syqXpmgNgmulSfDNjrpbWcyLHrEGuglXrarYf:bqXpmgNmlSffWcyAGn4k
Score10/10-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-