General
Target: e0e300b8c5294493336e9e20544eeb821451bdea2930997be077cb768be5feec
Size: 917KB
Sample: 231111-h8mx2acd8y
MD5: daf2040fb949409f3fc8ce11e0faf881
SHA1: 8c817cf83e4da44a0816dbfd236e8645b59c035e
SHA256: e0e300b8c5294493336e9e20544eeb821451bdea2930997be077cb768be5feec
SHA512: 4caeab55846c32d5034b065d8880e57c5cf1ed3d7c4866eb016f3c41b0ad422905a42d3e8ff860ca025a945fea002c7e131476db6d85f56eb1cb65dde94d317f
SSDEEP: 24576:cyLpbkgF5oaeuIsWC/GNLYDXt5z8zvtNz:LL1LTRetJEGmzt5ze7
Static task: static1
Behavioral task: behavioral1
Sample: e0e300b8c5294493336e9e20544eeb821451bdea2930997be077cb768be5feec.exe
Resource: win10-20231020-en
Malware Config
Extracted
redline
taiga
5.42.92.51:19057
Targets
- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Adds Run key to start application
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext