General
Target: 1d2ee107e4a2a6b2a23a6bf34d494d5d087517d46e01ca043172c144ae779930
Size: 1.3MB
Sample: 231111-gzjnkscd2t
MD5: c0c44e6a8c60c826d07ab9d2f6caa251
SHA1: f48f042bfc5af3ea0c6f3e79f6eeb03ae405c4aa
SHA256: 1d2ee107e4a2a6b2a23a6bf34d494d5d087517d46e01ca043172c144ae779930
SHA512: 91e33f397b06d09492cade75b4b1ebd040e05b87dd8841036c573f90c31606146727f4d56f02cc709381f7369b446b07439bbb933c4d8d4d1c9b984ab4241a17
SSDEEP: 24576:+y2iwXPtYrcNaaeYIsGCiGAK6DobukS6275Eg4CZRqopuJBBqZGoFAnUD:NGtPNzev5LGOqukSTzqUDjFAU
Static task: static1
Behavioral task: behavioral1
Sample: 1d2ee107e4a2a6b2a23a6bf34d494d5d087517d46e01ca043172c144ae779930.exe
Resource: win10-20231020-en
Malware Config
Extracted
Family: redline
Botnet: taiga
C2: 5.42.92.51:19057
Targets
Target: 1d2ee107e4a2a6b2a23a6bf34d494d5d087517d46e01ca043172c144ae779930 (1.3MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Detect Mystic stealer payload
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020. Note that both a Mystic stealer rule and the RedLine rules fired on this sample, while the extracted configuration above is RedLine's.
RedLine payload
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check that decides whether to run on this host.
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Persistence through a Run key under Software\Microsoft\Windows\CurrentVersion\Run (HKCU or HKLM).
AutoIT Executable
AutoIT scripts compiled to PE executables.
Suspicious use of SetThreadContext
SetThreadContext is commonly called to redirect a new thread's entry point during process injection or hollowing; with the dropped EXE above, this points at a second-stage payload being executed in another process.
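The indicators in this report (the sample's hashes, the extracted RedLine C2, and the Run-key persistence signature) are what a responder would sweep a fleet for. As an added example that is not part of the sandbox report, the Python below turns them into a small hunt over host telemetry. It assumes Sysmon-style field names (a `Hashes` string of `ALGO=hex` pairs, a registry `TargetObject`-like path, and `dst_ip`/`dst_port` for network events); the event records themselves are constructed for the demonstration and are not from the run above.

```python
"""Hunt for the indicators in this Triage report across constructed host telemetry."""
import ipaddress
import re
from typing import Dict, List, Tuple

# Indicators copied from the report above (hashes of the sample, extracted RedLine C2).
IOC_HASHES = {
    "md5": "c0c44e6a8c60c826d07ab9d2f6caa251",
    "sha1": "f48f042bfc5af3ea0c6f3e79f6eeb03ae405c4aa",
    "sha256": "1d2ee107e4a2a6b2a23a6bf34d494d5d087517d46e01ca043172c144ae779930",
}
C2 = "5.42.92.51:19057"

# Standard Windows autostart locations behind the "Adds Run key" signature.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$",
    re.IGNORECASE,
)


def parse_c2(c2: str) -> Tuple[str, int]:
    """Split an IPv4 'ip:port' C2 string, validating both parts so a typo in an IOC list fails loudly."""
    host, _, port = c2.rpartition(":")
    ip = ipaddress.ip_address(host)  # raises ValueError on garbage
    port_num = int(port)
    if not 0 < port_num < 65536:
        raise ValueError(f"bad port in C2 {c2!r}")
    return str(ip), port_num


def parse_hashes(field: str) -> Dict[str, str]:
    """Parse a Sysmon-style Hashes field 'SHA1=..,MD5=..,SHA256=..' into {algo: lowercase hex}."""
    out: Dict[str, str] = {}
    for part in field.split(","):
        algo, _, value = part.partition("=")
        if algo and value:
            out[algo.strip().lower()] = value.strip().lower()
    return out


def check_event(ev: dict) -> List[str]:
    """Return the reasons this single event matches the report's indicators (empty if none)."""
    reasons: List[str] = []
    c2_ip, c2_port = parse_c2(C2)
    kind = ev.get("type")
    if kind == "process":
        seen = parse_hashes(ev.get("hashes", ""))
        for algo, value in IOC_HASHES.items():
            if seen.get(algo) == value:
                reasons.append(f"hash_match:{algo}")
    elif kind == "network":
        if ev.get("dst_ip") == c2_ip:
            if ev.get("dst_port") == c2_port:
                reasons.append("c2_ip_and_port")
            else:
                # Same host, different port: worth a look, but weaker than the full tuple.
                reasons.append("c2_ip_only")
    elif kind == "registry":
        if RUN_KEY_RE.search(ev.get("target", "")):
            reasons.append("run_key_persistence")
    return reasons


def hunt(events: List[dict]) -> List[Tuple[str, List[str]]]:
    """Run check_event over a batch and keep only events with at least one reason."""
    return [(ev["id"], r) for ev in events if (r := check_event(ev))]


# Constructed telemetry for the demonstration; not taken from the sandbox run above.
SAMPLE_EVENTS = [
    {"id": "e1", "type": "process", "image": r"C:\Users\victim\Downloads\setup.exe",
     "hashes": "SHA1=F48F042BFC5AF3EA0C6F3E79F6EEB03AE405C4AA,MD5=C0C44E6A8C60C826D07AB9D2F6CAA251,"
               "SHA256=1D2EE107E4A2A6B2A23A6BF34D494D5D087517D46E01CA043172C144AE779930"},
    {"id": "e2", "type": "network", "image": r"C:\Users\victim\Downloads\setup.exe",
     "dst_ip": "5.42.92.51", "dst_port": 19057},
    {"id": "e3", "type": "network", "image": r"C:\Program Files\Browser\browser.exe",
     "dst_ip": "5.42.92.51", "dst_port": 443},
    {"id": "e4", "type": "registry", "image": r"C:\Users\victim\AppData\Local\Temp\upd.exe",
     "target": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"id": "e5", "type": "process", "image": r"C:\Windows\System32\notepad.exe",
     "hashes": "SHA256=0000000000000000000000000000000000000000000000000000000000000000"},
    {"id": "e6", "type": "registry", "image": r"C:\Windows\explorer.exe",
     "target": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden"},
]

if __name__ == "__main__":
    for event_id, reasons in hunt(SAMPLE_EVENTS):
        print(event_id, ", ".join(reasons))
```

Hash matches are the highest-confidence hits but only catch this exact build; the C2 tuple survives repacking of the binary, which is why the IP-only case is still reported, at lower confidence, rather than dropped. Run-key writes are also made by plenty of legitimate installers, so that reason is a lead to triage against the writing process, not a verdict on its own.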