General
-
Target
b298303152bfafb02b472b9c996d16301ea06dbff1cd9ce33b093804c003bdc2
-
Size
1.3MB
-
Sample
231111-b9e59aeh38
-
MD5
73301f5691f4ab90d7f23333c33051da
-
SHA1
a5daabc556f12d0108df5d8c9c1046f473e49b7b
-
SHA256
b298303152bfafb02b472b9c996d16301ea06dbff1cd9ce33b093804c003bdc2
-
SHA512
0369c5775f33fec77567fbce9d1fb5e09490b1a3848815c8606eb512d04c1a927247fbe6e146f42243e3b9be82a83f8325910f8785f27c905f0b7fd5745ac1a0
-
SSDEEP
24576:RyVzwmxGJZIVS4NkvaeSIsiC6G6ZUDaKILN4jP+jFs7K/5tMncn2C:EVzweS73Sepj1GfmKtNKbB
Static task
static1
Behavioral task
behavioral1
Sample
b298303152bfafb02b472b9c996d16301ea06dbff1cd9ce33b093804c003bdc2.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
redline
taiga
5.42.92.51:19057
Targets
-
-
Target
b298303152bfafb02b472b9c996d16301ea06dbff1cd9ce33b093804c003bdc2
-
Size
1.3MB
-
MD5
73301f5691f4ab90d7f23333c33051da
-
SHA1
a5daabc556f12d0108df5d8c9c1046f473e49b7b
-
SHA256
b298303152bfafb02b472b9c996d16301ea06dbff1cd9ce33b093804c003bdc2
-
SHA512
0369c5775f33fec77567fbce9d1fb5e09490b1a3848815c8606eb512d04c1a927247fbe6e146f42243e3b9be82a83f8325910f8785f27c905f0b7fd5745ac1a0
-
SSDEEP
24576:RyVzwmxGJZIVS4NkvaeSIsiC6G6ZUDaKILN4jP+jFs7K/5tMncn2C:EVzweS73Sepj1GfmKtNKbB
Score10/10-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-