General
Target: 763a6ac5ca7577747f5def6f61bca2d6bbf98cc600309ad93ef60967edb86f11
Size: 917KB
Sample: 231110-3n8zzsbc57
MD5: 1e5036f31f6fe30ed4a265f412a8c409
SHA1: 1cf78ba984b839d0344fcf89d7a79c0a8a861d49
SHA256: 763a6ac5ca7577747f5def6f61bca2d6bbf98cc600309ad93ef60967edb86f11
SHA512: 42c3422dd9e1315a4cfa2e64dc047df90c26bf883f41bcdd1e67908d417b4aad4ecb85354e0a5700694b41cc4e79004c7e307ff7e3ba908f20312c0761a083ea
SSDEEP: 24576:CMyzK5Rl/UuaeuIsCC/G3LYDmFywvGf5i5Dw:uIy3etlEGcmywufk
Static task: static1
Behavioral task: behavioral1
Sample: 763a6ac5ca7577747f5def6f61bca2d6bbf98cc600309ad93ef60967edb86f11.exe
Resource: win10v2004-20231023-en
Malware Config
Extracted
redline
taiga
5.42.92.51:19057
Targets
Target: 763a6ac5ca7577747f5def6f61bca2d6bbf98cc600309ad93ef60967edb86f11
Score: 10/10
- Detect Mystic stealer payload
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext