General
- Target: f3ba685f1d264f5d4f165d5ff0ef31e7ce96c90d0b8c2dd2d5250b2c17230a3a
- Size: 917KB
- Sample: 231111-bj5m8acg2t
- MD5: ad3dc5c434ebe9756530f811ba403b95
- SHA1: b14761a4a94c7cd511b42570d6ea478013b20d33
- SHA256: f3ba685f1d264f5d4f165d5ff0ef31e7ce96c90d0b8c2dd2d5250b2c17230a3a
- SHA512: 746611ccd3e3095514905ba2eed241e22c536a130fffd76c937ca8de3ddff6d759b5d805be7a0a7f1a0726c92718f6dfb3c3a941b61d917d53798bce7c29ec7a
- SSDEEP: 24576:uyMWkL5aeuIsqC/GNLYDRM4mzowMlky+kK:9MSetNEGmqtQkRk
- Static task: static1
- Behavioral task: behavioral1
- Sample: f3ba685f1d264f5d4f165d5ff0ef31e7ce96c90d0b8c2dd2d5250b2c17230a3a.exe
- Resource: win10-20231020-en
Malware Config
Extracted
redline
taiga
5.42.92.51:19057
Targets
- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext