General
Target: a5a37dbf68a7dc0698d89bd890957bad.bin
Size: 466KB
Sample: 231111-cfl75sfb76
MD5: 664c74835f471d54cfdf8ce797afc426
SHA1: 28dc9f1d4081c6f5381cbdeeed2dc60ea2abf982
SHA256: 095a1ab827af4c4e9db294d6173dea53dcf65445262de4f247a2f24fc19f6b29
SHA512: 1b36b14c125573d96a7e645d70bc9915433aa75a4bb8d49f792c691bec99dd27e0cd9d23b14d5dae09b20d420350985e1ca7eb7db19ccd8b9a5236c50e201912
SSDEEP: 6144:JsBi1XZFQzolP15LcjQofgPrfk6palD+hvjOUWkUqXO3vFt3wR05URtrbEgqvgGn:aYPvlCXm2+hUPF1AR5bfOgApGk1zEb0
Static task: static1
Behavioral task: behavioral1
Sample: 28632e6e159d1429a42d13b41801762d0e402bd2534a37ea547d6a12054d6151.exe
Resource: win10v2004-20231023-en
Malware Config
Extracted
Family: redline
Botnet: taiga
C2: 5.42.92.51:19057
Targets
Target: 28632e6e159d1429a42d13b41801762d0e402bd2534a37ea547d6a12054d6151.bin
Size: 511KB
MD5: a5a37dbf68a7dc0698d89bd890957bad
SHA1: fd87d30daadf2e5f46e4e86e1dba7a8067787d56
SHA256: 28632e6e159d1429a42d13b41801762d0e402bd2534a37ea547d6a12054d6151
SHA512: 2e28a757f64aa2ed701733868ce02ff7d685aae0827bd25d7524265f6a9037853d1f20fb602203ed8fa4f3a8c2cb0073b41a0b5550e6b1d7a896bee994ac4de4
SSDEEP: 12288:AMrby90v3fCeHaoe2bmTe/gs981kUd8syLn35kPmpZk6t0roU1d:LyQ3qe6WbEe/gs98VyrJTvR0z1d
Score: 10/10
- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
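As an added example (not part of the sandbox report and not Tria.ge or RedLine code), the following Python helper does the two things an analyst usually wants from a page like this: confirm that a file on disk is the sample the report describes by recomputing every digest listed under Targets, and scan connection logs for the extracted C2 endpoint 5.42.92.51:19057. The flow-log format and the log lines are constructed for the example. A flow to the C2 host on a different port is reported separately as "ip-only", since the port comes from the extracted config and an IP-only match is weaker evidence than the full endpoint.

```python
"""Triage helper for the report above: verify the sample's digests and hunt for its C2.

Added example, not code from the sandbox or the report; the log format
below is constructed for illustration.
"""
import hashlib
import re

ALGOS = ("md5", "sha1", "sha256", "sha512")

# Digests copied from the report's Targets block (the executed PE).
REPORT_HASHES = {
    "md5": "a5a37dbf68a7dc0698d89bd890957bad",
    "sha1": "fd87d30daadf2e5f46e4e86e1dba7a8067787d56",
    "sha256": "28632e6e159d1429a42d13b41801762d0e402bd2534a37ea547d6a12054d6151",
    "sha512": "2e28a757f64aa2ed701733868ce02ff7d685aae0827bd25d7524265f6a9037853d1f20fb602203ed8fa4f3a8c2cb0073b41a0b5550e6b1d7a896bee994ac4de4",
}

# C2 endpoint from the extracted RedLine config (botnet tag "taiga").
REDLINE_C2_IP = "5.42.92.51"
REDLINE_C2_PORT = 19057

# Constructed flow-log lines (not real telemetry). Line 2 is an exact C2 hit;
# line 4 reaches the same host on another port and is reported as weaker evidence.
SAMPLE_LOG = [
    "2023-11-11T10:02:11Z src=10.0.0.5:50110 dst=198.51.100.10:443 proto=tcp bytes=2210",
    "2023-11-11T10:02:13Z src=10.0.0.5:50112 dst=5.42.92.51:19057 proto=tcp bytes=1432",
    "2023-11-11T10:02:20Z src=10.0.0.7:50310 dst=203.0.113.53:53 proto=udp bytes=76",
    "2023-11-11T10:05:02Z src=10.0.0.5:50140 dst=5.42.92.51:8080 proto=tcp bytes=880",
]

# Matches the "dst=<ip>:<port>" field of the constructed log format.
FLOW_RE = re.compile(r"\bdst=(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d{1,5})\b")


def hash_bytes(data: bytes) -> dict:
    """Return hex digests of `data` for every algorithm the report lists."""
    return {name: getattr(hashlib, name)(data).hexdigest() for name in ALGOS}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Stream a file through all four hashers at once (samples can be large)."""
    hashers = {name: getattr(hashlib, name)() for name in ALGOS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare_hashes(observed: dict, expected: dict = REPORT_HASHES) -> list:
    """Names of algorithms whose digest differs from the report; empty means same file.

    Every listed digest must agree; a single mismatch means it is not the reported sample.
    """
    return sorted(
        name for name, digest in expected.items()
        if observed.get(name, "").lower() != digest.lower()
    )


def find_c2_hits(log_lines, c2_ip: str = REDLINE_C2_IP, c2_port: int = REDLINE_C2_PORT) -> list:
    """Flag flows to the C2. 'ip+port' is an exact match on the extracted config;
    'ip-only' is the same host on another port, which still deserves a look."""
    hits = []
    for line_no, line in enumerate(log_lines, start=1):
        m = FLOW_RE.search(line)
        if m is None or m.group("ip") != c2_ip:
            continue
        kind = "ip+port" if int(m.group("port")) == c2_port else "ip-only"
        hits.append({"line_no": line_no, "match": kind, "line": line})
    return hits


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # optional: path to the file you believe is this sample
        bad = compare_hashes(hash_file(sys.argv[1]))
        print("sample matches report" if not bad else f"MISMATCH on {', '.join(bad)}")
    for hit in find_c2_hits(SAMPLE_LOG):
        print(f"line {hit['line_no']} [{hit['match']}]: {hit['line']}")
```

Run it with a path to check the file against the report (`python triage.py sample.bin`, assuming that file name), or with no arguments to see the two hits in the constructed log. The comparison is case-insensitive because sandboxes and hash tools disagree on digest casing; it deliberately does not stop at SHA256, so a report with a typo in one digest is noticed rather than silently accepted.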