General
Target: 2cc708f3d55601725c84f96a09757160.bin
Size: 470KB
Sample: 231111-bq4dqsea56
MD5: e9e8db2980b906d79e94d70012495d7f
SHA1: a247ee412de2ff7de2b23c2b6ba68feeacf6e8e1
SHA256: 41a9983709d78c2d85a184a2282a1ceb0c3296211459fd337dfab7c0bcc2e48a
SHA512: 989df06f41a3bfc9bb0abe10b4eb75d974d539183c5b4a7860725be23891e1a5962d0db798119add77ad204c19660f79a58b77092dfc41f477bc98fd69e79a71
SSDEEP: 12288:6Hux9pW8SB2+VX+4n1s8MchUasQwabaBcOwB5L/mbpJC:6Hulw2+1Ffndojhw7/mNJC
Static task: static1
Behavioral task: behavioral1
  Sample: ef19502103975d722d4e7e31efa10e138b033507c9b3ffa65a60566220314f72.exe
  Resource: win10v2004-20231023-en
Malware Config
Extracted
  Family: redline
  Botnet: taiga
  C2: 5.42.92.51:19057
Targets
Target: ef19502103975d722d4e7e31efa10e138b033507c9b3ffa65a60566220314f72.bin
Size: 514KB
MD5: 2cc708f3d55601725c84f96a09757160
SHA1: 7be5de8be61fcea3af1a75bcec06c6a4d40049c2
SHA256: ef19502103975d722d4e7e31efa10e138b033507c9b3ffa65a60566220314f72
SHA512: 148091db02a03991501e0ed2e9d347a969ede8aaaa61161ed2d8af2469d57c9ab3fd85f91358f7aebce3a343459ded7c1991dcec2cb99144368ff2b5f3b3f956
SSDEEP: 12288:rMrJy90O2JydXHUDXcOCmymAR9xRcqZgZCmgDBSFeZJ:CyV0cOhymAR9zR0uDcFeZJ
Score: 10/10
- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence (the sample can bail out on hosts in excluded regions, so a sandbox in the wrong locale may see no stealer activity).
- Executes dropped EXE
- Adds Run key to start application: persistence through a Run autostart value under HKCU or HKLM ...\Software\Microsoft\Windows\CurrentVersion\Run.
- Suspicious use of SetThreadContext: this API on a thread of another process is the usual final step of process hollowing or other thread-hijacking injection, so the RedLine payload is likely to run under a different image name than the dropped EXE.
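A small hunting script that turns the report's indicators (both SHA256 values, the extracted RedLine C2 5.42.92.51:19057, and the Run-key persistence behaviour) into checks over endpoint telemetry. This is an added example written for this page, not part of the sandbox report or of any tool the page describes. The event lines are constructed for illustration in a simplified key=value;key=value shape rather than real Sysmon XML; the image paths, SID and value names in them are placeholders, and only the hashes and the C2 address come from the report.

```python
"""Hunt for the report's IOCs and behaviours in Sysmon-style events.

Added example written for this page; it is not part of the sandbox
report. The event lines are constructed for illustration, in a
simplified key=value;key=value shape rather than real Sysmon XML.
Only the SHA256 hashes and the C2 address below come from the report.
"""
import re

# IOCs from the report: both SHA256 values and the extracted RedLine C2.
SHA256_IOCS = {
    "41a9983709d78c2d85a184a2282a1ceb0c3296211459fd337dfab7c0bcc2e48a",
    "ef19502103975d722d4e7e31efa10e138b033507c9b3ffa65a60566220314f72",
}
C2_IP = "5.42.92.51"
C2_PORT = "19057"

# Matches the per-user (HKU/HKCU) and per-machine (HKLM) Run/RunOnce
# autostart keys that the "Adds Run key to start application" signature
# refers to; the value name after the key is whatever the malware chose.
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE)

# Constructed sample events (not captured logs). Paths, SID and value
# names are placeholders; the hash in event 0 and the destination in
# event 2 are the report's.
EVENTS = [
    r"EventID=1;Image=C:\Users\alice\AppData\Local\Temp\sample.exe;"
    r"Hashes=MD5=2CC708F3D55601725C84F96A09757160,"
    r"SHA256=EF19502103975D722D4E7E31EFA10E138B033507C9B3FFA65A60566220314F72",
    r"EventID=13;TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows"
    r"\CurrentVersion\Run\Updater;Details=C:\Users\alice\AppData\Roaming\svc.exe",
    r"EventID=3;Image=C:\Users\alice\AppData\Roaming\svc.exe;"
    r"DestinationIp=5.42.92.51;DestinationPort=19057",
    r"EventID=3;Image=C:\Program Files\Mozilla Firefox\firefox.exe;"
    r"DestinationIp=203.0.113.10;DestinationPort=443",
    r"EventID=13;TargetObject=HKLM\SOFTWARE\Policies\Microsoft\Windows"
    r"\WindowsUpdate\AU\NoAutoUpdate;Details=DWORD (0x00000001)",
]


def parse_event(line):
    """Split one constructed event line into a field dictionary."""
    fields = {}
    for part in line.split(";"):
        key, _, value = part.partition("=")
        fields[key] = value
    return fields


def parse_hashes(hashes_field):
    """Turn 'MD5=...,SHA256=...' into {'MD5': ..., 'SHA256': ...}, lowercased."""
    out = {}
    for item in hashes_field.split(","):
        algo, _, digest = item.partition("=")
        if algo:
            out[algo.upper()] = digest.lower()
    return out


def classify(event):
    """Return the list of report-derived detections that one event triggers."""
    hits = []
    eid = event.get("EventID")
    if eid == "1":  # process create: compare the image hash to the report
        if parse_hashes(event.get("Hashes", "")).get("SHA256") in SHA256_IOCS:
            hits.append("known-sample-hash")
    elif eid == "13":  # registry value set: Run/RunOnce persistence
        if RUN_KEY_RE.search(event.get("TargetObject", "")):
            hits.append("run-key-persistence")
    elif eid == "3":  # network connection: the extracted RedLine C2
        if (event.get("DestinationIp") == C2_IP
                and event.get("DestinationPort") == C2_PORT):
            hits.append("redline-c2")
    return hits


def hunt(lines):
    """Return (index, detections) for every event that triggers something."""
    results = []
    for index, line in enumerate(lines):
        hits = classify(parse_event(line))
        if hits:
            results.append((index, hits))
    return results


if __name__ == "__main__":
    for index, hits in hunt(EVENTS):
        print(f"event {index}: {', '.join(hits)}")
```

The C2 match is on IP and port together; RedLine panels change port far more often than the address, so in practice the IP alone is the more durable indicator and the port a confidence booster. Because the payload is expected to run after SetThreadContext-style injection, the image in the network event will usually not be the dropped EXE, which is why the network rule deliberately ignores the Image field.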