General

Target: 4935c6480c5631dcdf82d0c4d977a003.bin
Size: 467KB
Sample: 231111-bvzw4sdb91
MD5: 11e58b5b5fd587d957225713e3cdc013
SHA1: 201ef89bf4f7ea68dc3f9d02a8c353e59afcdec0
SHA256: 957329c2f57ebcbc539fc7624c6e993e96c1ec1d2515c0fc54e6023824c9ec46
SHA512: 41a85c92f5a1e84d18fb0eb3b6a3536a140954ab1226e85051913c1488c2d1639e25fb7441efe7abe8fc106681c13c62203881913497003dca6318db1cc823ac
SSDEEP: 6144:Cn7QhgJOZOa6lLdL5YD3Pw2KySC0HgRu4bY9+I00xi2PUMSVEp2r6qZyg4EeuH41:4vdL5JyKHcJ0xIExql4VV/TySimzgyT
Static task: static1

Behavioral task: behavioral1
Sample: 0b0aa624ef09f720ef3757abc35c0c1d0fbd24e9a77500132f5d89d99e9f1164.exe
Resource: win10v2004-20231020-en
Malware Config

Extracted
Family: redline
Botnet: taiga
C2: 5.42.92.51:19057
Targets

Target: 0b0aa624ef09f720ef3757abc35c0c1d0fbd24e9a77500132f5d89d99e9f1164.bin
Size: 511KB
MD5: 4935c6480c5631dcdf82d0c4d977a003
SHA1: 064bf5059b728572e0772be8babec625a98ac7e1
SHA256: 0b0aa624ef09f720ef3757abc35c0c1d0fbd24e9a77500132f5d89d99e9f1164
SHA512: abb31a0317e99cce531c7d0852423f809263e59e7a48026f4805285a304b28c56b119175c865b81a4cbb916c848dcbd4dd9f109078e23d31c92287ee651e2b3d
SSDEEP: 12288:IMr8y90nvhHGe8Mb+EylwXSM8LbY8TUs2Yur+4+wSRIF2/+jjg+HE+:UyyGZMyOS1bYSz2YuCUS+cuU+k+
Score: 10/10

Signatures
- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, most likely a geofence check before the stealer runs.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
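The behaviours and the extracted C2 above give a short host-side triage checklist: is the known sample on disk, did it leave a Run-key entry, and is anything still talking to 5.42.92.51:19057. The PowerShell below is an added example written for this page, not sandbox output or RedLine code. It checks a suspect file's SHA256 against the target hash in this report, lists Run/RunOnce entries in HKCU and HKLM and flags those pointing into user-writable paths, and looks for live TCP connections to the extracted C2. The file path and the "user-writable path" heuristic are assumptions; run it in an elevated session.

```powershell
# Added triage example for this report (not sandbox output, not RedLine code).
# Assumptions: $SuspectFile is a hypothetical path; the user-writable-path
# heuristic is this example's own; run elevated on Windows 8/2012 or later.

$TargetSha256 = '0b0aa624ef09f720ef3757abc35c0c1d0fbd24e9a77500132f5d89d99e9f1164'
$C2Address    = '5.42.92.51'   # extracted RedLine C2 from this report
$C2Port       = 19057
$SuspectFile  = 'C:\Users\Public\suspect.exe'   # hypothetical path

function Test-KnownSample {
    # True when the file on disk is the target binary from this report.
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return $false }
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    return $hash -ieq $TargetSha256
}

function Get-SuspiciousRunKeys {
    # Persistence listed in the report: "Adds Run key to start application".
    $runKeys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    # Heuristic (assumption): dropped loaders usually live under user-writable
    # directories rather than Program Files or the Windows directory.
    $userWritable = @($env:USERPROFILE, $env:ProgramData, $env:PUBLIC, $env:TEMP)
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip provider metadata (PSPath, PSDrive, ...)
            $cmd  = [string]$p.Value
            $flag = $userWritable | Where-Object { $_ -and $cmd -like "*$_*" }
            [pscustomobject]@{
                Key        = $key
                Name       = $p.Name
                Command    = $cmd
                Suspicious = [bool]$flag
            }
        }
    }
}

function Get-C2Connections {
    # Live TCP connections to the extracted C2, with the owning process.
    Get-NetTCPConnection -ErrorAction SilentlyContinue |
        Where-Object { $_.RemoteAddress -eq $C2Address -and $_.RemotePort -eq $C2Port } |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                LocalPort   = $_.LocalPort
                State       = $_.State
                OwningPid   = $_.OwningProcess
                ProcessName = $proc.ProcessName
                ProcessPath = $proc.Path
            }
        }
}

"[*] Known sample present at ${SuspectFile}: $(Test-KnownSample -Path $SuspectFile)"
"[*] Run/RunOnce entries (Suspicious = command points into a user-writable path):"
Get-SuspiciousRunKeys | Format-Table -AutoSize
"[*] Connections to ${C2Address}:${C2Port}:"
Get-C2Connections | Format-Table -AutoSize
```

A Run-key entry pointing at a user-writable path is a lead, not a verdict; compare the flagged command against the process that owns any C2 connection, and pull the file it references for hashing before cleanup. The hash check only catches this exact build; the ssdeep digests above are the better pivot for close variants.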