General
Target: 1f97dcd392862697d1a768bc1f704f3f.bin
Size: 467KB
Sample: 231111-bl4hyadg89
MD5: 6e6000271de5f67388102b8034911cc3
SHA1: 0cc3b0068a12784b2155fac444de1da2d9921998
SHA256: 21fec6c9296800b8fb0d7ea5f1a4d1cecddfe268a0b9eb44e5442855cd0082a0
SHA512: f22c779444afaed412b5184fae504f75a19fe6b8970d7cbba126e59f3b68d7b07d90ccf514534c3e9edb795b68753c3a05f1235954f904d3ca274235e488a9db
SSDEEP: 12288:JdsPY+VJeAL56E8BYwlgQTffO/qPnXcbAI+Baiuqg9g1TJ:JiPJJeAL572bNPnsMdazq
Static task: static1
Behavioral task: behavioral1
Sample: 60aeb9d314969e4ab8acf4425cbfc680a537ee247b2b6aec84c4dc5ef9025b78.exe
Resource: win10v2004-20231023-en
Malware Config (extracted): redline, taiga, 5.42.92.51:19057
Targets
Target: 60aeb9d314969e4ab8acf4425cbfc680a537ee247b2b6aec84c4dc5ef9025b78.bin
Size: 511KB
MD5: 1f97dcd392862697d1a768bc1f704f3f
SHA1: 35e584af8b8f98dc1ab4505a27a293e9c519e42d
SHA256: 60aeb9d314969e4ab8acf4425cbfc680a537ee247b2b6aec84c4dc5ef9025b78
SHA512: b230c2efe3a447501d331df1eb75bc3b7777b2e2d9abb17103c2ad86581d3604284cfcb39eba3f35284dd055f9467a34e0cdbb75c4d9d2081db9be2e17e00308
SSDEEP: 12288:SMrEy90IBJ915doOwDIrY8TUs2kuT+4+wSRYFsrXqPRq9:2ybzYSz2ku6USSmTqZq9
Score: 10/10
Detect Mystic stealer payload
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Adds Run key to start application
Suspicious use of SetThreadContext