General
- Target: 7fb2aab9c72b2b761f673f59ed5e31761ad73d9b63011671ff4bf6b38a2b522d
- Size: 1.3MB
- Sample: 231111-bccc4acd7t
- MD5: b6814d6964e995a86c1906c8f85ad94b
- SHA1: c9c7fb011e2f994ef81230ac09c0160321b54293
- SHA256: 7fb2aab9c72b2b761f673f59ed5e31761ad73d9b63011671ff4bf6b38a2b522d
- SHA512: a8b488830c101e525abba2ca65691f77953d9cfb744013821ae70ce789409fdffa333bab1f4bd26d12e1be8ab00e544ff4a5caf029ee042e2d954ee493b79c29
- SSDEEP: 24576:xyBsr9+YnHR2aeaIsbCQGQA2D+OJaek1IQ2Y5xvyyCBvRuGpxen8y9OLCk:kBsgYH5ehuZGIrwesIQv5oyCBv0cen8m
Static task: static1
Behavioral task: behavioral1
- Sample: 7fb2aab9c72b2b761f673f59ed5e31761ad73d9b63011671ff4bf6b38a2b522d.exe
- Resource: win10v2004-20231023-en
Malware Config
Extracted
redline
taiga
5.42.92.51:19057
Targets
- Target: 7fb2aab9c72b2b761f673f59ed5e31761ad73d9b63011671ff4bf6b38a2b522d
- Size: 1.3MB
- MD5: b6814d6964e995a86c1906c8f85ad94b
- SHA1: c9c7fb011e2f994ef81230ac09c0160321b54293
- SHA256: 7fb2aab9c72b2b761f673f59ed5e31761ad73d9b63011671ff4bf6b38a2b522d
- SHA512: a8b488830c101e525abba2ca65691f77953d9cfb744013821ae70ce789409fdffa333bab1f4bd26d12e1be8ab00e544ff4a5caf029ee042e2d954ee493b79c29
- SSDEEP: 24576:xyBsr9+YnHR2aeaIsbCQGQA2D+OJaek1IQ2Y5xvyyCBvRuGpxen8y9OLCk:kBsgYH5ehuZGIrwesIQv5oyCBv0cen8m
Score: 10/10
- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext