General
-
Target
6518b4d22d03d65c0498dcd55bd516d5174ce6d50f19f6d793c99c7e5b3c4b0e
-
Size
1.3MB
-
Sample
231111-gsqtbadc67
-
MD5
562e741db6dea71097e78ec26df4dfe5
-
SHA1
3665d7ad07da03231886bca3263019dff7cacf82
-
SHA256
6518b4d22d03d65c0498dcd55bd516d5174ce6d50f19f6d793c99c7e5b3c4b0e
-
SHA512
84ce04dcacb69d4b05e958f214c72ff74eec601bf41a1f24501a494877a35de52c36f911a2788b94dfac072a594866edf3e18064abad3d4531ca2106e3192153
-
SSDEEP
24576:tym4F4yXUon3S0N+YaerIsRC2GS1PDkI3f7Uy1vgJbef/UliJtYfMsJg1JwmE:ImjyXUonTQBek2PGgJf7Uy1vgJb8/UlI
Static task
static1
Behavioral task
behavioral1
Sample
6518b4d22d03d65c0498dcd55bd516d5174ce6d50f19f6d793c99c7e5b3c4b0e.exe
Resource
win10v2004-20231025-en
Malware Config
Extracted
redline
taiga
5.42.92.51:19057
Targets
-
-
Target
6518b4d22d03d65c0498dcd55bd516d5174ce6d50f19f6d793c99c7e5b3c4b0e
-
Size
1.3MB
-
MD5
562e741db6dea71097e78ec26df4dfe5
-
SHA1
3665d7ad07da03231886bca3263019dff7cacf82
-
SHA256
6518b4d22d03d65c0498dcd55bd516d5174ce6d50f19f6d793c99c7e5b3c4b0e
-
SHA512
84ce04dcacb69d4b05e958f214c72ff74eec601bf41a1f24501a494877a35de52c36f911a2788b94dfac072a594866edf3e18064abad3d4531ca2106e3192153
-
SSDEEP
24576:tym4F4yXUon3S0N+YaerIsRC2GS1PDkI3f7Uy1vgJbef/UliJtYfMsJg1JwmE:ImjyXUonTQBek2PGgJf7Uy1vgJb8/UlI
-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-