General
- Target: 0c37fabfe7992c6687572566ce6a0f21decdd6bc796ddfb008cc842bb44e39d8
- Size: 1.3MB
- Sample: 231111-bwxhdaec52
- MD5: 92ddba9635cb5dc202d5b6f549699eaa
- SHA1: cabefd17e7a97dfa06a2c2602305f6f1e4a95825
- SHA256: 0c37fabfe7992c6687572566ce6a0f21decdd6bc796ddfb008cc842bb44e39d8
- SHA512: 2fd477576fdb609ca0fa850e78f7b60071990e79f3af02e25d3a27715932dbbaf0e9c6f213c6a22c11912258908d52dff2a909d5ac20e95ac90cff7fd7f41f66
- SSDEEP: 24576:TyO8gjX/GdaebIs5C4Gb3IDYmdAjrPRmCm/oBCWLkoT962MgpYL7l:m3gaYeUqfGsUmsr5mCm4pLks9629py
Static task: static1
Behavioral task: behavioral1
- Sample: 0c37fabfe7992c6687572566ce6a0f21decdd6bc796ddfb008cc842bb44e39d8.exe
- Resource: win10-20231023-en
Malware Config
Extracted
- Family: redline
- Botnet: taiga
- C2: 5.42.92.51:19057
Targets
- Target: 0c37fabfe7992c6687572566ce6a0f21decdd6bc796ddfb008cc842bb44e39d8 (size and hashes as listed under General)
- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Adds Run key to start application
- AutoIT Executable: AutoIT scripts compiled to PE executables.