General
Target: 1dd3279447e1790ab2b4fbba22ddaded.bin
Size: 467KB
Sample: 231111-blsfnscg6w
MD5: 907f4ab471d3539b145f85a113a14bd9
SHA1: 174b9fa4ed1e804dfb443568d1f5242229448e8e
SHA256: 68902e22a46dde27486f0a3fe6b199b6330afa3a73e2a0657fca51b00b3a6a07
SHA512: 6993d22a657719bf2ed9feec0c6951c89cfa3d2e0bf21560abf4fc5ba8bea0bb393c750b2cf86e4ea1b2784f0646fe8e0bf09f7c8084364db090157093b98a0c
SSDEEP: 12288:VCV6xDkTx7Z9qqgJExZE1renbsckKlFfeVwkwbajNPU:q6UxHFgJTUnQgPywkAajhU

Static task: static1
Behavioral task: behavioral1
Sample: 16624dff9366edaa52f78d3336fafc6eabc470f992cb615d542da97fe2b8234d.exe
Resource: win10v2004-20231020-en
Malware Config
Extracted
Family: redline
Botnet: taiga
C2: 5.42.92.51:19057
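The extracted configuration gives one hard network indicator, the C2 endpoint, plus the file hashes above. The following is an added example of turning those into a check against flow telemetry; it is not part of the sandbox report. Only the C2 address and the two SHA256 values come from the report; the flow-record format, the internal hosts and every log line are constructed for the example.

```python
"""Match the RedLine C2 and sample hashes from the report against flow records.

Added example, not part of the sandbox report. The flow format and the records in
SAMPLE_FLOWS are constructed; only C2_RAW and KNOWN_SHA256 are taken from the report.
"""
import hashlib
import ipaddress
from typing import Dict, List, Optional, Tuple

# Indicators copied from the report above.
C2_RAW = "5.42.92.51:19057"
KNOWN_SHA256 = {
    "68902e22a46dde27486f0a3fe6b199b6330afa3a73e2a0657fca51b00b3a6a07",  # 467KB submitted sample
    "16624dff9366edaa52f78d3336fafc6eabc470f992cb615d542da97fe2b8234d",  # 511KB dropped payload
}


def parse_c2(raw: str) -> Tuple[str, int]:
    """Split the 'host:port' string as it appears in the config dump and validate it."""
    host, sep, port = raw.rpartition(":")
    if not sep:
        raise ValueError(f"no port in {raw!r}")
    ipaddress.ip_address(host)  # raises ValueError if the host is not an IP literal
    port_n = int(port)
    if not 0 < port_n < 65536:
        raise ValueError(f"bad port {port!r}")
    return host, port_n


C2_HOST, C2_PORT = parse_c2(C2_RAW)


def parse_flow(line: str) -> Optional[Dict[str, object]]:
    """Parse one constructed flow record of the form 'ts src:port -> dst:port proto'."""
    parts = line.split()
    if len(parts) != 5 or parts[2] != "->":
        return None
    src, _ = parts[1].rsplit(":", 1)
    dst, dport = parts[3].rsplit(":", 1)
    return {"ts": parts[0], "src": src, "dst": dst, "dport": int(dport), "proto": parts[4].lower()}


def classify_flow(rec: Dict[str, object]) -> Optional[str]:
    """'c2' for an exact host:port match over TCP, 'c2-host' for any other traffic to
    the C2 address (weaker, but the operator may rotate ports), None otherwise."""
    if rec["dst"] != C2_HOST:
        return None
    if rec["dport"] == C2_PORT and rec["proto"] == "tcp":
        return "c2"
    return "c2-host"


def scan_flows(lines: List[str]) -> Dict[str, str]:
    """Map each internal source host to the strongest verdict seen for it."""
    rank = {"c2-host": 1, "c2": 2}
    verdicts: Dict[str, str] = {}
    for line in lines:
        rec = parse_flow(line)
        if rec is None:
            continue  # malformed record, skip rather than abort the scan
        v = classify_flow(rec)
        if v and rank[v] > rank.get(verdicts.get(rec["src"], ""), 0):
            verdicts[rec["src"]] = v
    return verdicts


def is_known_sample(data: bytes) -> bool:
    """True when the file content hashes to one of the two SHA256 values in the report."""
    return hashlib.sha256(data).hexdigest() in KNOWN_SHA256


# Constructed flow records, not taken from the report.
SAMPLE_FLOWS = [
    "2023-11-11T10:01:02Z 10.0.0.15:49812 -> 5.42.92.51:19057 tcp",
    "2023-11-11T10:01:05Z 10.0.0.15:49813 -> 203.0.113.5:443 tcp",
    "2023-11-11T10:02:40Z 10.0.0.22:53122 -> 5.42.92.51:443 tcp",
    "2023-11-11T10:03:10Z 10.0.0.31:61000 -> 5.42.92.51:19057 udp",
    "2023-11-11T10:04:00Z 10.0.0.40:50001 -> 5.42.92.51:19057 tcp",
    "malformed line that the parser must skip",
]

if __name__ == "__main__":
    for host, verdict in scan_flows(SAMPLE_FLOWS).items():
        print(f"{host}: {verdict}")
```

The two-level verdict is deliberate: an exact host:port hit is the report's indicator, while other traffic to the same address is surfaced separately so it can be triaged without being lost in the noise.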
Targets
Target: 16624dff9366edaa52f78d3336fafc6eabc470f992cb615d542da97fe2b8234d.bin
Size: 511KB
MD5: 1dd3279447e1790ab2b4fbba22ddaded
SHA1: 7fed39367c9e341b636e0baa803a8f534d59b11c
SHA256: 16624dff9366edaa52f78d3336fafc6eabc470f992cb615d542da97fe2b8234d
SHA512: 56f714c986c2472d5e001171d4dc6c0f5f87d68490ca9ed43540e1fbf1df37c1401cc72612302fed9fdad7653b989dd1a5d5959c57b67e78d05f13b8bb092fc9
SSDEEP: 12288:pMrPy902pkjlm0wFs61h/+V5Skd61C0UMEVZj:iyLpkvwlh/5kd6Q0Ubvj
Score: 10/10

Detect Mystic stealer payload
RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Adds Run key to start application
Suspicious use of SetThreadContext
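The four behaviour signatures above each correspond to a small pattern in host telemetry: a registry read of the configured country, an executable written to disk and then started, a value written under the Run key, and the CreateProcess(CREATE_SUSPENDED), WriteProcessMemory, SetThreadContext, ResumeThread sequence of process hollowing that an unexpected SetThreadContext usually signals. The following is an added example that checks a constructed trace for all four; it is not part of the sandbox report and not the sandbox's own signature logic. The event schema, pids, paths and file name are made up, and the choice of Control Panel\International\Geo\Nation (the value GetUserGeoID reads) as the key behind "Checks computer location settings" is an assumption.

```python
"""Evaluate the report's four behaviour signatures against a constructed host trace.

Added example, not the sandbox's own signature code. Event records, pids and paths are
constructed; the Geo\\Nation registry path is an assumption about what the location
signature keys on.
"""
import re
from typing import Dict, List

Event = Dict[str, str]

# The Run key is the documented per-user/per-machine autostart location.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)
# Assumed key for the country-code lookup (read by GetUserGeoID).
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
# API order that makes up classic process hollowing.
HOLLOW_SEQ = ("CreateProcess", "WriteProcessMemory", "SetThreadContext", "ResumeThread")


def run_key_added(events: List[Event]) -> List[Event]:
    return [e for e in events if e["type"] == "reg_set" and RUN_KEY_RE.search(e["key"])]


def geo_lookup(events: List[Event]) -> List[Event]:
    return [e for e in events if e["type"] == "reg_query" and GEO_KEY_RE.search(e["key"])]


def dropped_exe_executed(events: List[Event]) -> List[Event]:
    """An .exe written to disk earlier in the trace and then started as a process."""
    dropped = set()
    hits = []
    for e in events:
        if e["type"] == "file_write" and e["path"].lower().endswith(".exe"):
            dropped.add(e["path"].lower())
        elif e["type"] == "proc_create" and e["image"].lower() in dropped:
            hits.append(e)
    return hits


def hollowing_pids(events: List[Event]) -> List[str]:
    """Pids whose API calls contain HOLLOW_SEQ in order, starting from a CreateProcess
    made with CREATE_SUSPENDED; unrelated calls in between are ignored."""
    calls: Dict[str, List[Event]] = {}
    for e in events:
        if e["type"] == "api":
            calls.setdefault(e["pid"], []).append(e)
    flagged = []
    for pid, seq in calls.items():
        idx = 0
        for c in seq:
            want = HOLLOW_SEQ[idx]
            if c["api"] != want:
                continue
            if want == "CreateProcess" and "CREATE_SUSPENDED" not in c.get("flags", ""):
                continue  # a normal process start does not begin the pattern
            idx += 1
            if idx == len(HOLLOW_SEQ):
                flagged.append(pid)
                break
    return flagged


def evaluate(events: List[Event]) -> Dict[str, bool]:
    """Which of the report's behaviour signatures the trace would trigger."""
    return {
        "Checks computer location settings": bool(geo_lookup(events)),
        "Executes dropped EXE": bool(dropped_exe_executed(events)),
        "Adds Run key to start application": bool(run_key_added(events)),
        "Suspicious use of SetThreadContext": bool(hollowing_pids(events)),
    }


# Constructed trace in the shape the report's signatures describe; nothing here is real data.
DROPPED = r"C:\Users\victim\AppData\Local\Temp\update.exe"
SAMPLE_EVENTS: List[Event] = [
    {"type": "reg_query", "pid": "1000", "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "file_write", "pid": "1000", "path": DROPPED},
    {"type": "proc_create", "pid": "1000", "image": DROPPED},
    {"type": "reg_set", "pid": "1000",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\update", "value": DROPPED},
    {"type": "api", "pid": "1200", "api": "CreateProcess", "flags": "CREATE_SUSPENDED"},
    {"type": "api", "pid": "1200", "api": "VirtualAllocEx"},
    {"type": "api", "pid": "1200", "api": "WriteProcessMemory"},
    {"type": "api", "pid": "1200", "api": "SetThreadContext"},
    {"type": "api", "pid": "1200", "api": "ResumeThread"},
]

# A benign trace: an ordinary process start and a SetThreadContext with no suspended child.
BENIGN_EVENTS: List[Event] = [
    {"type": "reg_query", "pid": "2000", "key": r"HKCU\Control Panel\International\LocaleName"},
    {"type": "proc_create", "pid": "2000", "image": r"C:\Windows\System32\notepad.exe"},
    {"type": "api", "pid": "2000", "api": "CreateProcess", "flags": "0"},
    {"type": "api", "pid": "2000", "api": "SetThreadContext"},
]

if __name__ == "__main__":
    for name, hit in evaluate(SAMPLE_EVENTS).items():
        print(f"{'HIT ' if hit else '    '} {name}")
```

The hollowing check insists on CREATE_SUSPENDED and on the full call order rather than alerting on SetThreadContext alone; debuggers and some runtimes call SetThreadContext legitimately, and the suspended-child plus memory-write prefix is what separates the technique from that noise.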