General
-
Target
b48de87798734baf63f0d8ff4998384942040a43411c6f39dc0908fd180c918d
-
Size
1.3MB
-
Sample
231110-3gcm7saa8w
-
MD5
612491cda5fe267892d251373e7fed1f
-
SHA1
2f1fa345a3ec7d96fdb15115609cd4ef28f56ef2
-
SHA256
b48de87798734baf63f0d8ff4998384942040a43411c6f39dc0908fd180c918d
-
SHA512
8172c0816cab7c3227b34c67c77559756d53ae9be5fdfed061bfcbe9de656f4d08d4ee994a9ef7c00e7aef3a5356a1c3decf1b07345b60ff80e222acfb744a99
-
SSDEEP
24576:KysamPautaewIsOCJG8mCDrTSkb5tuEOtXXGjpS4oap3RY:Rfooe3fSG6Okrnm4S4oap3
Static task
static1
Behavioral task
behavioral1
Sample
b48de87798734baf63f0d8ff4998384942040a43411c6f39dc0908fd180c918d.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
redline
taiga
5.42.92.51:19057
Targets
-
-
Target
b48de87798734baf63f0d8ff4998384942040a43411c6f39dc0908fd180c918d
-
Size
1.3MB
-
MD5
612491cda5fe267892d251373e7fed1f
-
SHA1
2f1fa345a3ec7d96fdb15115609cd4ef28f56ef2
-
SHA256
b48de87798734baf63f0d8ff4998384942040a43411c6f39dc0908fd180c918d
-
SHA512
8172c0816cab7c3227b34c67c77559756d53ae9be5fdfed061bfcbe9de656f4d08d4ee994a9ef7c00e7aef3a5356a1c3decf1b07345b60ff80e222acfb744a99
-
SSDEEP
24576:KysamPautaewIsOCJG8mCDrTSkb5tuEOtXXGjpS4oap3RY:Rfooe3fSG6Okrnm4S4oap3
Score10/10-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-