General
- Target: 210d78c17cc90a70f30586a02b0800aab423c75a716827872f13c3eb1778338f
- Size: 917KB
- Sample: 231110-266f5sae79
- MD5: 1c26a062dc36574d47421f47878d257a
- SHA1: 0de19ccfebf93a4d3afa949e1b548588ed077034
- SHA256: 210d78c17cc90a70f30586a02b0800aab423c75a716827872f13c3eb1778338f
- SHA512: 2cf57e7d4f9b2cc10c7fb51ecdab7d6c3bc04311dc1b42843c474d5af0f5cb09640af8dbfc9f411e4b8f78d2402f2f31942fab8166d6eaff26a5a909da7aaa86
- SSDEEP: 24576:qyDhXQ2saeuIs2C/GZLYDUJZRhVETCFCo4g3:xDhX1etPEGyaHVEGFCo4
Static task: static1
Behavioral task: behavioral1
- Sample: 210d78c17cc90a70f30586a02b0800aab423c75a716827872f13c3eb1778338f.exe
- Resource: win10-20231020-en
Malware Config
Extracted
redline
taiga
5.42.92.51:19057
Targets
- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext