General
Target: 09ea418a58b0ce618ac768488983107a.bin
Size: 467KB
Sample: 231111-bc9nladd74
MD5: 1f1ddb689bb566726a15bde9674c511a
SHA1: bb5f044986ca6fe31cf1da4b7a3ec010ee96e51a
SHA256: ddd00337ce7006f0adb4957a1a3f85b4a70b0efffce5857b0ffcf9e542585d4e
SHA512: 540cbc909975ee9dd8bab6f50675be1b7305f289d0376de65d52e51a3029a470bb58db47a75187b79c592f1fc7efec09261dd8248e7dc174e59dc7dc356b0515
SSDEEP: 6144:fo2cAlJRNmUpinh+9Lh4//VRI+RNPElAZp1mkJT81DLDLjyz+KjroP8UBm98FXe6:wmJRNdVkVRRVElAP85fabj8FOH0okH
Static task: static1
Behavioral task: behavioral1
Sample: c10a2bf3195e2845d300da532b6dd148b5ec3630307fb04ddc01e0cbd381d0ed.exe
Resource: win10v2004-20231020-en
Malware Config
Extracted
redline
taiga
5.42.92.51:19057
Targets
Target: c10a2bf3195e2845d300da532b6dd148b5ec3630307fb04ddc01e0cbd381d0ed.bin
Size: 511KB
MD5: 09ea418a58b0ce618ac768488983107a
SHA1: 10320817bbcd26c582083177811e5c142b39a44c
SHA256: c10a2bf3195e2845d300da532b6dd148b5ec3630307fb04ddc01e0cbd381d0ed
SHA512: aa0038af96e663391a94b4f6bae53e5a6c8c91041bacb9185ca83a9b40ac78fc0150cebe8b82e4f778e50a6ade4898c29bf4b4d3269108ea50ea52628a8bb3ec
SSDEEP: 12288:PMrsy902IhgTbZ6vwpe8Y8TUs2MuX+4+wSR9FCV5ft4:Lyih3f8YSz2MuuUS3Cfu
Score: 10/10
- Detect Mystic stealer payload
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext