General
-
Target
b6185d4f3621b9c2db9498a6ff4d18367efd3589fd49ec5d2a92c2814c4d7c84
-
Size
1.3MB
-
Sample
231111-gllwsaca4w
-
MD5
dd4cccedd56718598764a96494e85a9b
-
SHA1
4290c5bfbc161d8a6df9cab017ca52d7f49bd511
-
SHA256
b6185d4f3621b9c2db9498a6ff4d18367efd3589fd49ec5d2a92c2814c4d7c84
-
SHA512
9b949d0af240706af0ac2ea381fe66555408aed71fac147c0f5aa0ea4cf3b0e663dd21ab7c7c1246848881ca838eac1a1ed640ad23fb0d8172243008867ac9af
-
SSDEEP
24576:qyW2rfo2K4lVI4nzaeRIsnCGGmw/DIz69p/qgiY8DXXYEMC4yHLHCLUkNsTcodHE:xxLxbJGeKsBGbMYgBZDnYEJrHCLUS8Mb
Static task
static1
Behavioral task
behavioral1
Sample
b6185d4f3621b9c2db9498a6ff4d18367efd3589fd49ec5d2a92c2814c4d7c84.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
redline
taiga
5.42.92.51:19057
Targets
-
-
Target
b6185d4f3621b9c2db9498a6ff4d18367efd3589fd49ec5d2a92c2814c4d7c84
-
Size
1.3MB
-
MD5
dd4cccedd56718598764a96494e85a9b
-
SHA1
4290c5bfbc161d8a6df9cab017ca52d7f49bd511
-
SHA256
b6185d4f3621b9c2db9498a6ff4d18367efd3589fd49ec5d2a92c2814c4d7c84
-
SHA512
9b949d0af240706af0ac2ea381fe66555408aed71fac147c0f5aa0ea4cf3b0e663dd21ab7c7c1246848881ca838eac1a1ed640ad23fb0d8172243008867ac9af
-
SSDEEP
24576:qyW2rfo2K4lVI4nzaeRIsnCGGmw/DIz69p/qgiY8DXXYEMC4yHLHCLUkNsTcodHE:xxLxbJGeKsBGbMYgBZDnYEJrHCLUS8Mb
Score10/10-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-