General
Target: 02edbc4a7fd4388e91c08cc51e3bb70422cb0547c651577e126c41e04bb5386e
Size: 1.3MB
Sample: 231111-ge8f7sch44
MD5: 2d54fd6571f4b4d044ff3d0527d76b6d
SHA1: 4a0b5ce326dcfbcffa7cee7bd4e0044a87e0bd08
SHA256: 02edbc4a7fd4388e91c08cc51e3bb70422cb0547c651577e126c41e04bb5386e
SHA512: ea36400ddfdbda9d39d83f790df70caf869ba98cc5d209a5c28500c10a010b64beac595f9fdc00fb787988d32b261499647f18456a9089361f6435459d9366c0
SSDEEP: 24576:gyn8CbOTUHtW+YaeUIs3CjGvMnDTfJJz+DqV/lqlYKRTDSp1XA3sy1AE6rcfQ:nJOTUHtWmezWiGyXlV/lqeeapUUcf

Static task: static1
Behavioral task: behavioral1
Sample: 02edbc4a7fd4388e91c08cc51e3bb70422cb0547c651577e126c41e04bb5386e.exe
Resource: win10-20231020-en
Malware Config
Extracted family: redline
Botnet: taiga
C2: 5.42.92.51:19057
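The hashes and the extracted C2 endpoint above are the indicators a defender would actually hunt with. The following is an added example, not code from the sandbox report or from any tool it names: it matches those indicators against Sysmon-style ProcessCreate (EventID 1) and NetworkConnect (EventID 3) records. The field names (EventID, Image, Hashes, DestinationIp, DestinationPort) are Sysmon's own; the event values are constructed for the example, and the confidence levels and rule names are assumptions, not Triage's.

```python
"""Match the indicators in this report against Sysmon-style events.

Added example; not part of the sandbox report. The events below are constructed
to look like Sysmon EventID 1 (ProcessCreate) and EventID 3 (NetworkConnect)
records exported as dicts: field names follow Sysmon's schema, values are invented.
"""

# Hashes of the analysed sample, copied from the report. Sysmon's Hashes field
# carries MD5/SHA1/SHA256/IMPHASH only, so the report's SHA512 is not usable here.
IOC_HASHES = {
    "md5": "2d54fd6571f4b4d044ff3d0527d76b6d",
    "sha1": "4a0b5ce326dcfbcffa7cee7bd4e0044a87e0bd08",
    "sha256": "02edbc4a7fd4388e91c08cc51e3bb70422cb0547c651577e126c41e04bb5386e",
}
# RedLine C2 from the extracted config (botnet "taiga").
C2_ENDPOINTS = {("5.42.92.51", 19057)}
C2_IPS = {ip for ip, _ in C2_ENDPOINTS}


def parse_sysmon_hashes(field: str) -> dict:
    """Parse Sysmon's 'Hashes' field ('SHA256=AB..,MD5=CD..') into {algo: hex}.

    Sysmon emits uppercase hex while IOC feeds are usually lower-case, so both
    sides are normalised to lower-case before comparison.
    """
    parsed = {}
    for part in field.split(","):
        algo, sep, value = part.partition("=")
        if sep:
            parsed[algo.strip().lower()] = value.strip().lower()
    return parsed


def match_event(event: dict):
    """Return a finding dict if the event touches one of the report's IOCs, else None."""
    eid = event.get("EventID")
    if eid == 1:  # ProcessCreate: compare the launched image's hashes
        seen = parse_sysmon_hashes(event.get("Hashes", ""))
        hits = sorted(a for a, v in IOC_HASHES.items() if seen.get(a) == v)
        if hits:
            return {"rule": "known_redline_sample", "confidence": "high",
                    "matched": hits, "image": event.get("Image")}
    elif eid == 3:  # NetworkConnect: compare destination with the extracted C2
        ip = event.get("DestinationIp", "")
        port = int(event.get("DestinationPort", 0))
        if (ip, port) in C2_ENDPOINTS:
            return {"rule": "redline_c2_endpoint", "confidence": "high",
                    "dest": f"{ip}:{port}", "image": event.get("Image")}
        if ip in C2_IPS:
            # Same host, different port: operators rotate ports, so keep the
            # match but at lower confidence.
            return {"rule": "redline_c2_host_other_port", "confidence": "medium",
                    "dest": f"{ip}:{port}", "image": event.get("Image")}
    return None


def scan(events):
    """Run match_event over a list of events; returns [(index, finding), ...]."""
    return [(i, m) for i, e in enumerate(events) if (m := match_event(e)) is not None]


# Constructed sample events (not from the report's sandbox run).
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\victim\Downloads\Invoice.exe",
     "Hashes": "SHA1=4A0B5CE326DCFBCFFA7CEE7BD4E0044A87E0BD08,"
               "SHA256=02EDBC4A7FD4388E91C08CC51E3BB70422CB0547C651577E126C41E04BB5386E,"
               "MD5=2D54FD6571F4B4D044FF3D0527D76B6D,IMPHASH=00000000000000000000000000000000"},
    {"EventID": 3, "Image": r"C:\Users\victim\Downloads\Invoice.exe",
     "DestinationIp": "5.42.92.51", "DestinationPort": "19057"},
    {"EventID": 3, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationIp": "142.250.74.46", "DestinationPort": "443"},
    {"EventID": 3, "Image": r"C:\Users\victim\AppData\Roaming\svchost.exe",
     "DestinationIp": "5.42.92.51", "DestinationPort": "443"},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe",
     "Hashes": "SHA256=" + "0" * 64 + ",MD5=" + "0" * 32},
]

if __name__ == "__main__":
    for idx, finding in scan(SAMPLE_EVENTS):
        print(idx, finding)
```

Hash matches are exact and cheap; the fuzzy SSDEEP value in the report is for clustering repacked variants and needs a separate ssdeep comparison, which this example does not attempt. The medium-confidence branch exists because a hit on the C2 host alone still deserves a look when the port differs from the extracted config.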
Targets
Target: 02edbc4a7fd4388e91c08cc51e3bb70422cb0547c651577e126c41e04bb5386e (size and hashes as listed under General above)
Signatures
- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext (the API used to redirect a suspended thread's execution, a common step in process hollowing)
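Of the behaviours listed, "Adds Run key to start application" combined with "Executes dropped EXE" is the one that leaves a durable, host-side trace. The following is an added example, not code from the sandbox report or from any tool it names: a detection over Sysmon RegistryEvent (EventID 13, value set) records that flags writes to Run/RunOnce keys and raises the severity when the autostart target lives in a user-writable directory, which is where a dropped payload ends up. Field names (EventID, Image, TargetObject, Details) are Sysmon's; the event values, the directory list and the severity labels are assumptions made for the example.

```python
"""Flag Run-key persistence in Sysmon EventID 13 (RegistryEvent, value set) records.

Added example; not code from the sandbox report or any tool it names. Events are
constructed. The rule is a generic detection for "Adds Run key to start application",
sharpened by the "Executes dropped EXE" observation: a Run value pointing into a
user-writable directory is the combination a dropped payload produces.
"""
import re

# HKCU/HKLM Run and RunOnce keys, with or without WOW6432Node redirection.
RUN_KEY_RE = re.compile(
    r"\\Software\\(?:WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\([^\\]+)$",
    re.IGNORECASE,
)
# Locations a non-admin process can write to (assumed list; extend for your estate).
USER_WRITABLE_RE = re.compile(
    r"^[a-z]:\\(?:users\\[^\\]+\\(?:appdata|downloads|desktop|documents|pictures)"
    r"|programdata|windows\\temp|temp)\\",
    re.IGNORECASE,
)


def exe_path_from_details(details: str) -> str:
    """Extract the program path from a Run value's data.

    Handles both '"C:\\path with spaces\\x.exe" /arg' and 'C:\\path\\x.exe /arg'.
    """
    details = details.strip()
    quoted = re.match(r'^"([^"]+)"', details)
    if quoted:
        return quoted.group(1)
    unquoted = re.match(r"^(.+?\.exe)(?:\s|$)", details, re.IGNORECASE)
    return unquoted.group(1) if unquoted else details.split(" ", 1)[0]


def classify_registry_event(event: dict):
    """Return a finding for a Run/RunOnce value write, else None."""
    if event.get("EventID") != 13:
        return None
    key = RUN_KEY_RE.search(event.get("TargetObject", ""))
    if key is None:
        return None
    image = exe_path_from_details(event.get("Details", ""))
    severity = "high" if USER_WRITABLE_RE.match(image) else "low"
    return {
        "key": key.group(1),
        "value_name": key.group(2),
        "autostart_image": image,
        "severity": severity,
        "written_by": event.get("Image"),
    }


def scan_registry_events(events):
    """Apply classify_registry_event to every event; returns the list of findings."""
    return [f for e in events if (f := classify_registry_event(e)) is not None]


# Constructed sample events (not from the report's sandbox run).
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": r"C:\Users\victim\Downloads\Invoice.exe",
     "TargetObject": r"HKU\S-1-5-21-1004336348-1177238915-682003330-1001"
                     r"\Software\Microsoft\Windows\CurrentVersion\Run\WindowsUpdate",
     "Details": r'"C:\Users\victim\AppData\Roaming\svchost.exe" /start'},
    {"EventID": 13, "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth",
     "Details": r"C:\Windows\System32\SecurityHealthSystray.exe"},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1004336348-1177238915-682003330-1001"
                     r"\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000002)"},
    {"EventID": 12, "Image": r"C:\Users\victim\Downloads\Invoice.exe",
     "TargetObject": r"HKU\S-1-5-21-1004336348-1177238915-682003330-1001"
                     r"\Software\Microsoft\Windows\CurrentVersion\Run"},
]

if __name__ == "__main__":
    for finding in scan_registry_events(SAMPLE_EVENTS):
        print(finding)
```

The low-severity branch is deliberate: legitimate installers write Run values under Program Files or System32 all day, and alerting on every Run-key write trains analysts to ignore the rule. The writer (`written_by`) is kept in the finding so the autostart entry can be tied back to the dropper process seen in the sandbox run.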