General
-
Target
f692aab056c4fd3b7f76476f42b8be7758150f3c6728db2c4bd67992920be3c8
-
Size
919KB
-
Sample
231111-cahyjaeh69
-
MD5
d14197e106778029f1c4a36dac25ab0b
-
SHA1
b9b29c3b9ef42f3b7132c63bd7e87a19a056a8f9
-
SHA256
f692aab056c4fd3b7f76476f42b8be7758150f3c6728db2c4bd67992920be3c8
-
SHA512
cc40941c079c254e414fc77ea298ed792d6b71f2ffe9ad351a73440c7a8515053b0faaa076258038db00d38753c5a522dcb5db6e27d993d81f825547c958c84f
-
SSDEEP
24576:iyt1YNexhJaeuIsaC/GBLYDLaEUQQRFo7tCcparjPQKE:JtWYxhketDEGaZUQSQtCJrjR
Static task
static1
Behavioral task
behavioral1
Sample
f692aab056c4fd3b7f76476f42b8be7758150f3c6728db2c4bd67992920be3c8.exe
Resource
win10v2004-20231025-en
Malware Config
Extracted
redline
taiga
5.42.92.51:19057
Targets
-
-
Target
f692aab056c4fd3b7f76476f42b8be7758150f3c6728db2c4bd67992920be3c8
-
Size
919KB
-
MD5
d14197e106778029f1c4a36dac25ab0b
-
SHA1
b9b29c3b9ef42f3b7132c63bd7e87a19a056a8f9
-
SHA256
f692aab056c4fd3b7f76476f42b8be7758150f3c6728db2c4bd67992920be3c8
-
SHA512
cc40941c079c254e414fc77ea298ed792d6b71f2ffe9ad351a73440c7a8515053b0faaa076258038db00d38753c5a522dcb5db6e27d993d81f825547c958c84f
-
SSDEEP
24576:iyt1YNexhJaeuIsaC/GBLYDLaEUQQRFo7tCcparjPQKE:JtWYxhketDEGaZUQSQtCJrjR
Score10/10-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-