General
-
Target
9acce7c6f4f8d8187caa8274b89bbcabc7b92019d25a3e795d797cd0f96f2837
-
Size
917KB
-
Sample
231111-ge8f7sch45
-
MD5
b2f8209ba150548db048c42042cee92c
-
SHA1
025191a7cb603f278389435369c3438161b31655
-
SHA256
9acce7c6f4f8d8187caa8274b89bbcabc7b92019d25a3e795d797cd0f96f2837
-
SHA512
1691c4590cfdf67a00f3e09e167c4290cf00d2b78de8c0a080bb76a7cb1aa74859920dda0c6948cb80c89da25e8dae4b7197a9ef60e5c7b9070a40d35e40eb98
-
SSDEEP
24576:ey4H3tVJh5caeuIseC/GRLYDHD418y592ElB:tmZletJEGKzM1B
Static task
static1
Behavioral task
behavioral1
Sample
9acce7c6f4f8d8187caa8274b89bbcabc7b92019d25a3e795d797cd0f96f2837.exe
Resource
win10-20231020-en
Malware Config
Extracted
redline
taiga
5.42.92.51:19057
Targets
-
-
Target
9acce7c6f4f8d8187caa8274b89bbcabc7b92019d25a3e795d797cd0f96f2837
-
Size
917KB
-
MD5
b2f8209ba150548db048c42042cee92c
-
SHA1
025191a7cb603f278389435369c3438161b31655
-
SHA256
9acce7c6f4f8d8187caa8274b89bbcabc7b92019d25a3e795d797cd0f96f2837
-
SHA512
1691c4590cfdf67a00f3e09e167c4290cf00d2b78de8c0a080bb76a7cb1aa74859920dda0c6948cb80c89da25e8dae4b7197a9ef60e5c7b9070a40d35e40eb98
-
SSDEEP
24576:ey4H3tVJh5caeuIseC/GRLYDHD418y592ElB:tmZletJEGKzM1B
-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-