General
-
Target
2bdd7842f596fcb0601f243b418091d5d9f1884d2b17e51278af606841f0934b
-
Size
917KB
-
Sample
231111-glpyfaca4z
-
MD5
50d227379e0db1d76e7d4798906c3b90
-
SHA1
88f50e56fb0d73650c677610bd708d492ff27c6b
-
SHA256
2bdd7842f596fcb0601f243b418091d5d9f1884d2b17e51278af606841f0934b
-
SHA512
64f3ea63a704ee48bbc84f6d7433a87cc9f7449ff817fae85704895b30318cd4352f313235689c3480cdd62fcf9343ce8f7d3d1570b828b18df697cf57e629a7
-
SSDEEP
24576:UyRGN5UaeuIsSC/GtLYDxAV1207N+e5F:jRINet9EGGNk12m+s
Static task
static1
Behavioral task
behavioral1
Sample
2bdd7842f596fcb0601f243b418091d5d9f1884d2b17e51278af606841f0934b.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
redline
taiga
5.42.92.51:19057
Targets
-
-
Target
2bdd7842f596fcb0601f243b418091d5d9f1884d2b17e51278af606841f0934b
-
Size
917KB
-
MD5
50d227379e0db1d76e7d4798906c3b90
-
SHA1
88f50e56fb0d73650c677610bd708d492ff27c6b
-
SHA256
2bdd7842f596fcb0601f243b418091d5d9f1884d2b17e51278af606841f0934b
-
SHA512
64f3ea63a704ee48bbc84f6d7433a87cc9f7449ff817fae85704895b30318cd4352f313235689c3480cdd62fcf9343ce8f7d3d1570b828b18df697cf57e629a7
-
SSDEEP
24576:UyRGN5UaeuIsSC/GtLYDxAV1207N+e5F:jRINet9EGGNk12m+s
Score10/10-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-