General
Target: e33c640a4b0ede41c297a805339749380408aa048b889ffd5d241f3a253f6443
Size: 917KB
Sample: 231111-h3dgeade27
MD5: 39aadf54fc2905c31a7e97cb94cf37d3
SHA1: 2906ba4eb12fc44923510fc0d0f46a4648ae8899
SHA256: e33c640a4b0ede41c297a805339749380408aa048b889ffd5d241f3a253f6443
SHA512: 6960045f785cedad8c2737783d9bb45d696c18c13b6284cb59d7e546a084d26cbe561d6b7263ef22f6af20960cdb13cc64b0b1b49e38c94548ac020c1fa075bb
SSDEEP: 24576:lyGZqLSgMjfaeuIsaC/GdLYDJkWHo0J9:AGZ+SzCetzEGWVkWHoS
Static task: static1
Behavioral task: behavioral1
Sample: e33c640a4b0ede41c297a805339749380408aa048b889ffd5d241f3a253f6443.exe
Resource: win10v2004-20231020-en
Malware Config
Extracted
Family: redline
Botnet: taiga
C2: 5.42.92.51:19057
Targets
Target: e33c640a4b0ede41c297a805339749380408aa048b889ffd5d241f3a253f6443
Size: 917KB
MD5: 39aadf54fc2905c31a7e97cb94cf37d3
SHA1: 2906ba4eb12fc44923510fc0d0f46a4648ae8899
SHA256: e33c640a4b0ede41c297a805339749380408aa048b889ffd5d241f3a253f6443
SHA512: 6960045f785cedad8c2737783d9bb45d696c18c13b6284cb59d7e546a084d26cbe561d6b7263ef22f6af20960cdb13cc64b0b1b49e38c94548ac020c1fa075bb
SSDEEP: 24576:lyGZqLSgMjfaeuIsaC/GdLYDJkWHo0J9:AGZ+SzCetzEGWVkWHoS
Score: 10/10
Signatures:
- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext