General
- Target: tmp
- Size: 1.3MB
- Sample: 231111-cg7kgaed3v
- MD5: 1d619a337a80303359ee8aae84f521ee
- SHA1: fd28dde1b4ffe360892a80550b5a61bd7d4c8309
- SHA256: 97d9671527c935188da25ae0c79605722c9e1941e881d2db90ba8d86671605e8
- SHA512: 0897146aede50627d6f89e76fcc9362cc3b8ae05ab6d4e4291e1fdfc94349c1fdcd83cabf60b8193c0464293cf132d3d1cf892ff07bd2175ae0abfd2d2ccadb0
- SSDEEP: 24576:1yKQiUVCUaSoDaeLIsZCoG0xODBMyO4kBs2rMUWZ534NhRo/thQsScGVZN:QKQiUVirWeEQBGTVMZ4ktnWZ5OD5x

Static task: static1
Behavioral task: behavioral1
- Sample: tmp.exe
- Resource: win10v2004-20231023-en

Malware Config
Extracted:
- redline
- taiga
- 5.42.92.51:19057
Targets
- Target: tmp
- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext