General
-
Target
c92cbe5c378398dde534ee0f0b43e24006867a6aff2916e734f458b244a664b0
-
Size
919KB
-
Sample
231111-a1rbgscg85
-
MD5
94c91def6f6ef57fa8330bed78f452a9
-
SHA1
2ab52e104e3c1f189c0a231b2ea781d970a60e12
-
SHA256
c92cbe5c378398dde534ee0f0b43e24006867a6aff2916e734f458b244a664b0
-
SHA512
74464e1bce567aa615aadc93cd5d613462582d0e88af6781f54740441d73417087c5aa1fce60674b222bad7bef8ac941deba0134493d34da4a224a90a97d733f
-
SSDEEP
24576:QyDaCj5UaeuIsKC/GdLYDxGNnXDz8CBvuDMdl+l:XRNet9EGW1G1v15u5
Static task
static1
Behavioral task
behavioral1
Sample
c92cbe5c378398dde534ee0f0b43e24006867a6aff2916e734f458b244a664b0.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
redline
taiga
5.42.92.51:19057
Targets
-
-
Target
c92cbe5c378398dde534ee0f0b43e24006867a6aff2916e734f458b244a664b0
-
Size
919KB
-
MD5
94c91def6f6ef57fa8330bed78f452a9
-
SHA1
2ab52e104e3c1f189c0a231b2ea781d970a60e12
-
SHA256
c92cbe5c378398dde534ee0f0b43e24006867a6aff2916e734f458b244a664b0
-
SHA512
74464e1bce567aa615aadc93cd5d613462582d0e88af6781f54740441d73417087c5aa1fce60674b222bad7bef8ac941deba0134493d34da4a224a90a97d733f
-
SSDEEP
24576:QyDaCj5UaeuIsKC/GdLYDxGNnXDz8CBvuDMdl+l:XRNet9EGW1G1v15u5
Score10/10-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-