General
Target: 65ef57b643da55618230264c06bf8b7bb6598798927a22090172fdcb40d5e35f
Size: 917KB
Sample: 231111-agmh7abc5x
MD5: 107bf9d110cb622e19a723b31b6862ed
SHA1: 47ef197e7b595fae417fb8db440e925ae29f5ab6
SHA256: 65ef57b643da55618230264c06bf8b7bb6598798927a22090172fdcb40d5e35f
SHA512: eb3fa04b1d5840fe86b3356490dc973164e3db62336bf04090ce01e5dea7ee6f3bc0291f40a5b0873a1b97d0b00e4f47449d5cc3836203d1f677ea20f376d100
SSDEEP: 24576:KyG5x8aeuIsKC/GPLYDpgQ0IL0Jq5iNH0BLP/yPR:RG5HetrEG0qXIL0w5i9mD/y
Static task: static1
Behavioral task: behavioral1
Sample: 65ef57b643da55618230264c06bf8b7bb6598798927a22090172fdcb40d5e35f.exe
Resource: win10v2004-20231025-en
Malware Config (Extracted)
Family: redline
Botnet: taiga
C2: 5.42.92.51:19057
Targets
Target: 65ef57b643da55618230264c06bf8b7bb6598798927a22090172fdcb40d5e35f (917KB; same MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10
- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext