General
-
Target
4eef850d2142428054a433df5ce8521c245b896607b13122cbbdeaca4cb88c3c
-
Size
1.3MB
-
Sample
231110-2qz97agg9v
-
MD5
b44b072cb8d97849ce6b3dd2cbd10072
-
SHA1
e7387db80b751f81e8f1e75ee431a33b01fc9fac
-
SHA256
4eef850d2142428054a433df5ce8521c245b896607b13122cbbdeaca4cb88c3c
-
SHA512
1f8b73dd196b4cc165aad2a0dda426c6f357411507202412b66f18326e64d40e53b0180d8f8227adaffce11a6f7855cda4c08ded2b5f4e908a4164b7f8af93f5
-
SSDEEP
24576:lyTbDxGd0aeSIsfC5GbvFDjhhfp6mBFI8fLc13uBQyuJE6a:ATbl8tepsQGhTfMUICLc1uBk
Static task
static1
Behavioral task
behavioral1
Sample
4eef850d2142428054a433df5ce8521c245b896607b13122cbbdeaca4cb88c3c.exe
Resource
win10v2004-20231020-en
Malware Config
Extracted
redline
taiga
5.42.92.51:19057
Targets
-
-
Target
4eef850d2142428054a433df5ce8521c245b896607b13122cbbdeaca4cb88c3c
-
Size
1.3MB
-
MD5
b44b072cb8d97849ce6b3dd2cbd10072
-
SHA1
e7387db80b751f81e8f1e75ee431a33b01fc9fac
-
SHA256
4eef850d2142428054a433df5ce8521c245b896607b13122cbbdeaca4cb88c3c
-
SHA512
1f8b73dd196b4cc165aad2a0dda426c6f357411507202412b66f18326e64d40e53b0180d8f8227adaffce11a6f7855cda4c08ded2b5f4e908a4164b7f8af93f5
-
SSDEEP
24576:lyTbDxGd0aeSIsfC5GbvFDjhhfp6mBFI8fLc13uBQyuJE6a:ATbl8tepsQGhTfMUICLc1uBk
-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-