General

- Target: ebf7b5b43a4c4df1596a7d681a5a93f3ebbdd7ee95e370d319ecba7c09e9948d
- Size: 1.3MB
- Sample: 231111-asyqlacf36
- MD5: 5b72b0e1616e69909f6a02675c4f4f0f
- SHA1: 463910dd75977cf22b773eed8d66240fac07b392
- SHA256: ebf7b5b43a4c4df1596a7d681a5a93f3ebbdd7ee95e370d319ecba7c09e9948d
- SHA512: e1f0de40885c7af3086565886b8214e5c70f6c87b6c0306b9b05432b593bfca6d3055d750cdb0c4606bffd0c82f33a3186a33267a3a7039d662fba86070449a6
- SSDEEP: 24576:SywO8/0OzWjpo9KaeIIsDCtGoC0Dl0PJbzHzyof7CG95bAfdU3cqRXG:5F8sOzWju9jefoiGgR8/HzhTCwp0UMqR
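Before acting on a report like this one, confirm that the file you are holding is the same bytes the sandbox analysed. The script below is an added example, not part of the report or of the sandbox's tooling: it recomputes all four digests in a single pass over the file, lists any that disagree with the values printed above, and splits the SSDEEP signature into its block size and chunk strings (checking the block size is of the form 3 * 2**n, as ssdeep produces). The command-line usage with a file path is an assumption for illustration.

```python
import hashlib

# Digests and fuzzy hash exactly as printed in the General section above.
REPORT = {
    "md5": "5b72b0e1616e69909f6a02675c4f4f0f",
    "sha1": "463910dd75977cf22b773eed8d66240fac07b392",
    "sha256": "ebf7b5b43a4c4df1596a7d681a5a93f3ebbdd7ee95e370d319ecba7c09e9948d",
    "sha512": "e1f0de40885c7af3086565886b8214e5c70f6c87b6c0306b9b05432b593bfca6d"
              "3055d750cdb0c4606bffd0c82f33a3186a33267a3a7039d662fba86070449a6",
    "ssdeep": "24576:SywO8/0OzWjpo9KaeIIsDCtGoC0Dl0PJbzHzyof7CG95bAfdU3cqRXG:"
              "5F8sOzWju9jefoiGgR8/HzhTCwp0UMqR",
}

ALGOS = ("md5", "sha1", "sha256", "sha512")


def hash_bytes(data: bytes) -> dict:
    """All four digests of an in-memory buffer, as lowercase hex."""
    return {a: hashlib.new(a, data).hexdigest() for a in ALGOS}


def hash_file(path, chunk=1 << 20) -> dict:
    """Same digests for a file on disk, read once in 1 MiB chunks so a large
    sample never has to fit in memory."""
    hashers = {a: hashlib.new(a) for a in ALGOS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {a: h.hexdigest() for a, h in hashers.items()}


def mismatches(observed: dict, expected: dict = REPORT) -> list:
    """Names of the digests that disagree with the report. An empty list means
    the file is byte-for-byte the sample the report describes."""
    return [a for a in ALGOS if observed[a].lower() != expected[a].lower()]


def parse_ssdeep(sig: str) -> dict:
    """Split an ssdeep signature 'blocksize:chunk:double_chunk' (dropping any
    trailing ',"filename"') and check the block size is 3 * 2**n."""
    bs, chunk, double = sig.split(",", 1)[0].split(":", 2)
    blocksize = int(bs)
    q, r = divmod(blocksize, 3)
    if r != 0 or q & (q - 1) != 0:
        raise ValueError(f"not a valid ssdeep block size: {blocksize}")
    return {"blocksize": blocksize, "chunk": chunk, "double_chunk": double}


if __name__ == "__main__":
    import sys  # assumed usage: python verify.py <path to sample>
    bad = mismatches(hash_file(sys.argv[1]))
    print("match" if not bad else "MISMATCH in " + ", ".join(bad))
    print(parse_ssdeep(REPORT["ssdeep"]))
```

A mismatch in any one digest is enough to reject the file; a matching MD5 alone is not, since MD5 collisions are cheap to construct. The ssdeep block size is useful on its own: two signatures can only be compared when their block sizes are equal or differ by a factor of two.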
- Static task: static1
- Behavioral task: behavioral1
- Sample: ebf7b5b43a4c4df1596a7d681a5a93f3ebbdd7ee95e370d319ecba7c09e9948d.exe
- Resource: win10v2004-20231023-en
Malware Config

Extracted
- Family: redline
- Botnet: taiga
- C2: 5.42.92.51:19057
Targets

- Target: ebf7b5b43a4c4df1596a7d681a5a93f3ebbdd7ee95e370d319ecba7c09e9948d
- Size: 1.3MB
- Score: 10/10

Signatures

- Detect Mystic stealer payload
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
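The two artefacts in this report that translate directly into host and network detections are the extracted C2 endpoint (5.42.92.51:19057) and the "Adds Run key to start application" behaviour. The script below is an added example, not part of the report or of any sandbox or SIEM product: it runs those two checks over Sysmon-shaped event records and emits a Suricata rule for the C2. The event records are constructed for illustration, the Sysmon field names follow Event ID 3 (network connection) and Event ID 13 (registry value set), and the rule's sid and message text are assumptions. The SetThreadContext signature is not covered here because Sysmon has no event that records that call directly.

```python
import re

# Values from the extracted RedLine config above.
C2_HOST = "5.42.92.51"
C2_PORT = 19057

# Autostart locations behind the "Adds Run key to start application" signature.
RUN_KEY = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE)

# Constructed Sysmon-shaped records for illustration (not from the report).
# EventID 3 = network connection, EventID 13 = registry value set.
SAMPLE_EVENTS = [
    {"EventID": 3, "Image": r"C:\Users\u\AppData\Local\Temp\svchost.exe",
     "DestinationIp": "5.42.92.51", "DestinationPort": 19057},
    {"EventID": 3, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationIp": "203.0.113.10", "DestinationPort": 443},
    {"EventID": 13, "Image": r"C:\Users\u\AppData\Local\Temp\svchost.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft"
                     r"\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\u\AppData\Roaming\Updater\updater.exe"},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft"
                     r"\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]


def is_c2_connection(ev: dict) -> bool:
    """Outbound connection to the configured RedLine C2 host and port."""
    return (ev.get("EventID") == 3
            and ev.get("DestinationIp") == C2_HOST
            and int(ev.get("DestinationPort", 0)) == C2_PORT)


def is_run_key_write(ev: dict) -> bool:
    """Registry value written under a CurrentVersion\\Run or RunOnce key."""
    return (ev.get("EventID") == 13
            and RUN_KEY.search(ev.get("TargetObject", "")) is not None)


RULES = (("redline_c2", is_c2_connection),
         ("run_key_persistence", is_run_key_write))


def triage(events) -> list:
    """Run every rule over every event; one finding per hit, in event order."""
    findings = []
    for ev in events:
        for name, rule in RULES:
            if rule(ev):
                detail = ev.get("TargetObject") or (
                    f"{ev.get('DestinationIp')}:{ev.get('DestinationPort')}")
                findings.append({"rule": name,
                                 "image": ev.get("Image", ""),
                                 "detail": detail})
    return findings


def suricata_rule(host: str, port: int, sid: int) -> str:
    """Suricata rule for the C2 endpoint. sid and msg are assumed values;
    pick ones that fit the local ruleset."""
    return (f'alert tcp $HOME_NET any -> {host} {port} '
            f'(msg:"RedLine C2 {host}:{port}"; flow:to_server; '
            f'classtype:trojan-activity; sid:{sid}; rev:1;)')


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"{f['rule']:22} {f['image']}  ->  {f['detail']}")
    print(suricata_rule(C2_HOST, C2_PORT, 1000001))
```

The Run-key check deliberately matches on the key path rather than on the value name, since the value name ("Updater" in the constructed record) is whatever the dropper chose; the image that wrote it, here an executable running out of a Temp directory, is the field worth pivoting on. A single C2 IP:port pair is a brittle indicator, so pair the Suricata rule with the persistence check rather than relying on it alone.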