General
Target: b55d17a7ba13c5b1024973b993dace7b7c87feaa43053e30f90a5afa4f11a756
Size: 916KB
Sample: 231111-b4k5baef32
MD5: 25ab23580ea651b45d65088a0abc2592
SHA1: 34c32dff006313bd8396f7cc8070e06754439315
SHA256: b55d17a7ba13c5b1024973b993dace7b7c87feaa43053e30f90a5afa4f11a756
SHA512: d1994913f8d978a75c1d998eaf3e6d198304cf9c191ab6aed74db3d391614e1813823262133a284fdcc60a88b6142170e43c725df217eda849e4623af1cd8cfc
SSDEEP: 12288:xMrOy90oK4Ic0NldHfcaex4IC5upCPHG6QPLvTMXiYQpDrsS7lBB+YsBwHG/TX8O:3y9IT50aeuIsKC/GxLYDkcPCWT
Static task: static1
Behavioral task: behavioral1
Sample: b55d17a7ba13c5b1024973b993dace7b7c87feaa43053e30f90a5afa4f11a756.exe
Resource: win10v2004-20231023-en
Malware Config (extracted from the sample)
Family: redline
Botnet ID: taiga
C2: 5.42.92.51:19057
Targets
Target: b55d17a7ba13c5b1024973b993dace7b7c87feaa43053e30f90a5afa4f11a756 (916KB; MD5, SHA1, SHA256, SHA512 and SSDEEP are the same values listed under General)
- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application (persistence through a Run registry key)
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext (an API commonly used for process hollowing and other thread-hijacking injection)
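As an added example (my code, not part of the sandbox report), the script below parses this report's line-per-field dump into a structured IOC record, checks that each hash field has the right length and that the Target name matches the SHA256, splits the RedLine C2 into host and port, and hashes a local file so a practitioner can confirm they are holding the same 916KB sample. The embedded REPORT_TEXT is a constructed, trimmed copy of the fields above; the assumption that the three lines after "Extracted" are family, botnet ID and C2 is taken from this page's layout and may not hold for other families.

```python
"""Parse a sandbox report's key/value dump into an IOC record, sanity-check it,
and verify a local file against the listed hashes."""
import hashlib
import ipaddress
import re

# Constructed input: a trimmed copy of the report text above, in the same
# one-line-per-field layout the sandbox page uses ("-" lines are separators).
REPORT_TEXT = """\
Target
b55d17a7ba13c5b1024973b993dace7b7c87feaa43053e30f90a5afa4f11a756
-
Size
916KB
-
MD5
25ab23580ea651b45d65088a0abc2592
-
SHA1
34c32dff006313bd8396f7cc8070e06754439315
-
SHA256
b55d17a7ba13c5b1024973b993dace7b7c87feaa43053e30f90a5afa4f11a756
-
SHA512
d1994913f8d978a75c1d998eaf3e6d198304cf9c191ab6aed74db3d391614e1813823262133a284fdcc60a88b6142170e43c725df217eda849e4623af1cd8cfc
-
SSDEEP
12288:xMrOy90oK4Ic0NldHfcaex4IC5upCPHG6QPLvTMXiYQpDrsS7lBB+YsBwHG/TX8O:3y9IT50aeuIsKC/GxLYDkcPCWT
Malware Config
Extracted
redline
taiga
5.42.92.51:19057
"""

SCALAR_KEYS = {"Target", "Size", "MD5", "SHA1", "SHA256", "SHA512", "SSDEEP"}
# Expected hex-digest lengths, used to catch truncated or mis-copied hashes.
DIGEST_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}


def parse_report(text):
    """Return a dict of IOCs from the line-per-field dump.

    Scalar keys take the next non-separator line as their value. The three
    lines after 'Extracted' are read as family, botnet ID and C2 address,
    which is how the RedLine config is laid out on this page (assumption:
    other families may emit a different number of fields).
    """
    lines = [ln.strip() for ln in text.splitlines() if ln.strip() and ln.strip() != "-"]
    iocs = {}
    i = 0
    while i < len(lines):
        key = lines[i]
        if key in SCALAR_KEYS and i + 1 < len(lines):
            iocs.setdefault(key, lines[i + 1])  # first occurrence wins
            i += 2
        elif key == "Extracted" and i + 3 < len(lines):
            family, botnet, c2 = lines[i + 1:i + 4]
            iocs["config"] = {"family": family, "botnet": botnet, "c2": c2}
            i += 4
        else:
            i += 1
    return iocs


def parse_c2(address):
    """Split 'host:port' into (host, port); raises ValueError if malformed."""
    host, _, port = address.rpartition(":")
    if not host or not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError(f"bad C2 address: {address!r}")
    ipaddress.ip_address(host)  # raises ValueError if host is not a literal IP
    return host, int(port)


def validate(iocs):
    """Return a list of consistency problems (empty list means the record is clean)."""
    problems = []
    for key, length in DIGEST_LEN.items():
        if not re.fullmatch(rf"[0-9a-f]{{{length}}}", iocs.get(key, "")):
            problems.append(f"{key} is not a {length}-char hex digest")
    if iocs.get("Target") != iocs.get("SHA256"):
        problems.append("Target name does not match SHA256")
    try:
        parse_c2(iocs["config"]["c2"])
    except (KeyError, ValueError) as exc:
        problems.append(f"C2 unusable: {exc}")
    return problems


def hash_bytes(data):
    """Digests of in-memory data, keyed like the report."""
    return {k: hashlib.new(k.lower(), data).hexdigest() for k in DIGEST_LEN}


def hash_file(path, chunk=1 << 20):
    """Same digests, streamed from disk so large samples need not fit in memory."""
    hashers = {k: hashlib.new(k.lower()) for k in DIGEST_LEN}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {k: h.hexdigest() for k, h in hashers.items()}


def matches_report(digests, iocs):
    """True only if every digest the report lists agrees with the computed one."""
    return all(digests[k] == iocs.get(k) for k in DIGEST_LEN)


if __name__ == "__main__":
    import sys
    record = parse_report(REPORT_TEXT)
    print("parsed:", record)
    print("problems:", validate(record) or "none")
    if len(sys.argv) > 1:  # optional: path to the sample on disk
        print("file matches report:", matches_report(hash_file(sys.argv[1]), record))
```

Run it with the sample path as the first argument to confirm all four digests match before spending time on the file; a mismatch on any one digest means it is a different build, not this report's sample.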