General

Target: f91777b5b6c3bb6f5e4dcb323114d76f921523a62e63c7d30adea1a13d8873b0
Size: 917KB
Sample: 231110-3v1besbf27
MD5: 50e8abc58235e9ec7b021daff0be4df7
SHA1: e56326514a8ae27675f404d0022cb658010d2842
SHA256: f91777b5b6c3bb6f5e4dcb323114d76f921523a62e63c7d30adea1a13d8873b0
SHA512: 215afc3d26e898e76dff5846ba328e1ef4a7b7406ad2406260e60e56f507c6d21220c0796b79f6a781b3285d0ce9eb115b479f8e61134569a296f4a74c1c01e2
SSDEEP: 12288:6Mrcy90Cif9S5zRHncHqJCcU+aex4IC5upCPHG9PPLvTMXiYQjDqVbWQSz1W5iqJ:6ykFeCqU+aeuIsKC/G5LYDoOh0mhA0
Static task: static1
Behavioral task: behavioral1
Sample: f91777b5b6c3bb6f5e4dcb323114d76f921523a62e63c7d30adea1a13d8873b0.exe
Resource: win10v2004-20231020-en
Malware Config

Extracted
Family: redline
Botnet: taiga
C2: 5.42.92.51:19057
Targets

Target: f91777b5b6c3bb6f5e4dcb323114d76f921523a62e63c7d30adea1a13d8873b0 (the submitted file; size and hashes as listed under General)

Signatures triggered by this target:
- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application (persistence through a registry Run key)
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext (an API commonly used when injecting code into another process, for example in process hollowing)

Both the Mystic stealer and the RedLine family detections fired on this sample, but only a RedLine configuration (botnet "taiga", C2 5.42.92.51:19057) was extracted.
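The extracted RedLine configuration and the Run-key persistence signature above are the indicators an analyst would turn into detections. The following is an added example, not part of the sandbox report: it takes the hash values and the C2 endpoint exactly as printed above, hashes a file the same four ways the report does, scans connection records for traffic to the C2, and flags Sysmon-style registry SetValue events that write a Run/RunOnce entry. The tab-separated connection layout, the event dictionaries and the sample data are constructed for illustration and are assumptions about what local telemetry looks like.

```python
"""Check local telemetry against the indicators in this report (added example)."""
from __future__ import annotations

import hashlib
import re

# Indicators copied from the report above.
IOC_HASHES = {
    "md5": "50e8abc58235e9ec7b021daff0be4df7",
    "sha1": "e56326514a8ae27675f404d0022cb658010d2842",
    "sha256": "f91777b5b6c3bb6f5e4dcb323114d76f921523a62e63c7d30adea1a13d8873b0",
    "sha512": "215afc3d26e898e76dff5846ba328e1ef4a7b7406ad2406260e60e56f507c6d21220c0796b79f6a781b3285d0ce9eb115b479f8e61134569a296f4a74c1c01e2",
}
IOC_C2_HOST = "5.42.92.51"   # RedLine C2 from the extracted config
IOC_C2_PORT = 19057


def hash_bytes(data: bytes) -> dict[str, str]:
    """Compute the same four digests the report lists for a file read into memory."""
    return {algo: hashlib.new(algo, data).hexdigest()
            for algo in ("md5", "sha1", "sha256", "sha512")}


def matching_hashes(data: bytes, iocs: dict[str, str] = IOC_HASHES) -> list[str]:
    """Return the names of the digests of `data` that equal a known-bad value."""
    digests = hash_bytes(data)
    return [algo for algo, value in digests.items() if iocs.get(algo) == value]


def find_c2_connections(conn_lines, host: str = IOC_C2_HOST, port: int = IOC_C2_PORT):
    """Scan tab-separated connection records: ts, src, sport, dst, dport, proto.

    (Assumed layout, modelled loosely on a Zeek conn.log.)  An exact host+port
    match is a high-confidence hit; the same host on another port is reported at
    medium confidence, since a re-deployed panel may keep the IP and change the port.
    """
    hits = []
    for line in conn_lines:
        if not line.strip() or line.startswith("#"):
            continue  # blank line or header
        fields = line.rstrip("\n").split("\t")
        if len(fields) < 6:
            continue
        ts, src, _sport, dst, dport, proto = fields[:6]
        if dst != host or not dport.isdigit():
            continue
        confidence = "high" if int(dport) == port else "medium"
        hits.append({"ts": ts, "src": src, "dst": dst, "dport": int(dport),
                     "proto": proto, "confidence": confidence})
    return hits


# Matches ...\CurrentVersion\Run\<name> and ...\CurrentVersion\RunOnce\<name>
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE)


def find_run_key_writes(registry_events):
    """Flag Sysmon-style registry SetValue events (EventID 13) that write a Run/RunOnce value."""
    return [ev for ev in registry_events
            if ev.get("EventID") == 13 and RUN_KEY_RE.search(ev.get("TargetObject", ""))]


# Constructed sample telemetry (not real captures).
SAMPLE_CONN_LOG = [
    "#fields\tts\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto",
    "1699660801.12\t10.0.0.23\t49712\t5.42.92.51\t19057\ttcp",   # check-in to the C2
    "1699660802.50\t10.0.0.23\t49713\t93.184.216.34\t443\ttcp",  # unrelated HTTPS
    "1699660803.70\t10.0.0.41\t49800\t5.42.92.51\t8080\ttcp",    # same host, other port
]
SAMPLE_REGISTRY_EVENTS = [
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Local\Temp\update.exe",
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Run\update",
     "Details": r"C:\Users\victim\AppData\Local\Temp\update.exe"},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]

if __name__ == "__main__":
    for hit in find_c2_connections(SAMPLE_CONN_LOG):
        print("C2 traffic:", hit)
    for ev in find_run_key_writes(SAMPLE_REGISTRY_EVENTS):
        print("Run key written by", ev["Image"], "->", ev["TargetObject"])
    print("hash matches for constructed bytes:", matching_hashes(b"not the sample"))
```

Hash matching is exact, so it only catches this specific build; the ssdeep value in the report is what you would use for near-duplicate matching of repacked variants, which needs the ssdeep library and is not shown here. For the network check, prefer the host+port pair as the blocking indicator and treat the host-only matches as leads to review.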