General
Target: 37f8351de716b397f5800342e170ea83.bin
Size: 467KB
Sample: 231111-bvbvaaeb75
MD5: 5bba869af69d567eb7a440d4b7b7fb04
SHA1: 05b69451f36de24c390804585fc0ba6e92f5ee66
SHA256: f717b720cd8994665c7022d716057be2715cfeb8a53972f7e22d9593f3d482da
SHA512: 1750ce616c3a01fe5525b0801c8c23e2fe42847008b2987f77dd3cfda6a085832ff2a74db0efae7c857fe9b967581cda5d8ca21d74a56a1acbf6a07b8e031ea5
SSDEEP: 12288:Ow2548VpcEMcmtZvNYYj9qvULGVzEui5vov5maYa7TvO8N:Ow2VpcbcmDN4UpxooaYavn

Static task: static1
Behavioral task: behavioral1
Sample: b86c2c80111adf7bfa767e50d296fa015501ad9780c41a88c5680382e5abf037.exe
Resource: win10v2004-20231023-en

Malware Config
Extracted: redline
taiga
5.42.92.51:19057

Targets
Target: b86c2c80111adf7bfa767e50d296fa015501ad9780c41a88c5680382e5abf037.bin
Size: 511KB
MD5: 37f8351de716b397f5800342e170ea83
SHA1: ea45e463b99c8d71a16342ad51fc1980f7dab4b0
SHA256: b86c2c80111adf7bfa767e50d296fa015501ad9780c41a88c5680382e5abf037
SHA512: 7cf380273217d95c317cf13cc17261409b946e892e0b35b310b59a9bba041767459debac04a84a14a0dd2c71ee099654131cc72e0d7217c6c4c9a2981bc7a591
SSDEEP: 12288:1Mrzy90h+PiglLrY8TUs26uN+4+wSRuFCUAkr/e:KyS0iqPYSz26uQUSQUUAkrm
Score: 10/10

- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext