General
-
Target
fb60cd64c4b696bfb22764c05395e15e067025fd2c58c2188106ccb39bf30313
-
Size
918KB
-
Sample
231110-3g6laaab3w
-
MD5
039cbb9809ef179e6182636c1e29a8c6
-
SHA1
f2ae152f90e6ace214cbf7979625d2bcd7031997
-
SHA256
fb60cd64c4b696bfb22764c05395e15e067025fd2c58c2188106ccb39bf30313
-
SHA512
7c4d39d0efc318d77fcdfd090f18226f259c2c1fa2f627b7a27faa49937e29ddd46b994e42da040323a8e0972fe08239783e5c7c4b0959097b9a94aad622aae7
-
SSDEEP
24576:Eywok4ebaeuIsKC/GvLYDSo2XGB6kHoVKImfBh:ThBetrEGUZ2XGhjB
Static task
static1
Behavioral task
behavioral1
Sample
fb60cd64c4b696bfb22764c05395e15e067025fd2c58c2188106ccb39bf30313.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
redline
taiga
5.42.92.51:19057
Targets
-
-
Target
fb60cd64c4b696bfb22764c05395e15e067025fd2c58c2188106ccb39bf30313
-
Size
918KB
-
MD5
039cbb9809ef179e6182636c1e29a8c6
-
SHA1
f2ae152f90e6ace214cbf7979625d2bcd7031997
-
SHA256
fb60cd64c4b696bfb22764c05395e15e067025fd2c58c2188106ccb39bf30313
-
SHA512
7c4d39d0efc318d77fcdfd090f18226f259c2c1fa2f627b7a27faa49937e29ddd46b994e42da040323a8e0972fe08239783e5c7c4b0959097b9a94aad622aae7
-
SSDEEP
24576:Eywok4ebaeuIsKC/GvLYDSo2XGB6kHoVKImfBh:ThBetrEGUZ2XGhjB
-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-