General
Target: e2ac957d5639c1c5bc9365269cb27c6a2b3994d6fe2e76d0e03cb19ab4676042
Size: 918KB
Sample: 231110-2mvwasgf5w
MD5: 5b66eed2ad68106a89a6f3b73c218a84
SHA1: 5c22bab74d2e1c471998f6c6d0d54c765cda2919
SHA256: e2ac957d5639c1c5bc9365269cb27c6a2b3994d6fe2e76d0e03cb19ab4676042
SHA512: d67fd8c22f9a79a833d192d92166975ba7ef154460304ef5d74ef929a079a7dabcf46e92e4868d349b45c847a41fad74925ac27e2344a1edfa80f53aa150c878
SSDEEP: 24576:ayyvT58aeuIs6C/GfLYDyYMQGbWwJgEemlk4:hylFetVEGkrGbDJbewk
Static task: static1
Behavioral task: behavioral1
Sample: e2ac957d5639c1c5bc9365269cb27c6a2b3994d6fe2e76d0e03cb19ab4676042.exe
Resource: win10v2004-20231023-en
Malware Config
Extracted
redline
taiga
5.42.92.51:19057
Targets
Target: e2ac957d5639c1c5bc9365269cb27c6a2b3994d6fe2e76d0e03cb19ab4676042
Score: 10/10
- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext