General
-
Target
f3a72d9cd6954102d487ea232ed2c397a7436bb4c0940a13ae4136da1fa65984
-
Size
917KB
-
Sample
231111-bqsl8sda2v
-
MD5
9eacea86984358ce86ab1b7aa19d06dd
-
SHA1
93234a6edeb6b55e358fb32a11bcf38a7c017053
-
SHA256
f3a72d9cd6954102d487ea232ed2c397a7436bb4c0940a13ae4136da1fa65984
-
SHA512
acab999dbb9b3cdbc283f29b2aee5ef7ffb5b10fc5f73f8b6e1f03e791e953737f651f657f2016bf0fbe21410d22ab2cb4dc3e037cbb2a11364ebe551856dad2
-
SSDEEP
24576:DyWUviaeuIseC/G1LYDQgCSY2WLiYkI66:WWOretPEGOE3/2Ki
Static task
static1
Behavioral task
behavioral1
Sample
f3a72d9cd6954102d487ea232ed2c397a7436bb4c0940a13ae4136da1fa65984.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
redline
taiga
5.42.92.51:19057
Targets
-
-
Target
f3a72d9cd6954102d487ea232ed2c397a7436bb4c0940a13ae4136da1fa65984
-
Size
917KB
-
MD5
9eacea86984358ce86ab1b7aa19d06dd
-
SHA1
93234a6edeb6b55e358fb32a11bcf38a7c017053
-
SHA256
f3a72d9cd6954102d487ea232ed2c397a7436bb4c0940a13ae4136da1fa65984
-
SHA512
acab999dbb9b3cdbc283f29b2aee5ef7ffb5b10fc5f73f8b6e1f03e791e953737f651f657f2016bf0fbe21410d22ab2cb4dc3e037cbb2a11364ebe551856dad2
-
SSDEEP
24576:DyWUviaeuIseC/G1LYDQgCSY2WLiYkI66:WWOretPEGOE3/2Ki
Score10/10-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-