General
-
Target
c65aee50288bb61f1ab8007ecfd9c45866d916532a29f9a94659726d03441e26
-
Size
917KB
-
Sample
231111-hcamtsdd65
-
MD5
8c740d54f1ca696114170cc8c1fdfcdb
-
SHA1
2c65d5981c597719de9e8da006c2d9b7870b0aae
-
SHA256
c65aee50288bb61f1ab8007ecfd9c45866d916532a29f9a94659726d03441e26
-
SHA512
8b31ae81581ded898fb47191cee1e75ae537d143cc4e0a132e6cdf5047393878d7f9e15fa4704b717b87576f90e04d4eb411fcd737f49af4638473421ccbe068
-
SSDEEP
24576:AykmB0/K5gaeuIs6C/GtLYDqj2dbYBQz5dU4:H0s5etlEGG+SFYqz5S
Static task
static1
Behavioral task
behavioral1
Sample
c65aee50288bb61f1ab8007ecfd9c45866d916532a29f9a94659726d03441e26.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
redline
taiga
5.42.92.51:19057
Targets
-
-
Target
c65aee50288bb61f1ab8007ecfd9c45866d916532a29f9a94659726d03441e26
-
Size
917KB
-
MD5
8c740d54f1ca696114170cc8c1fdfcdb
-
SHA1
2c65d5981c597719de9e8da006c2d9b7870b0aae
-
SHA256
c65aee50288bb61f1ab8007ecfd9c45866d916532a29f9a94659726d03441e26
-
SHA512
8b31ae81581ded898fb47191cee1e75ae537d143cc4e0a132e6cdf5047393878d7f9e15fa4704b717b87576f90e04d4eb411fcd737f49af4638473421ccbe068
-
SSDEEP
24576:AykmB0/K5gaeuIs6C/GtLYDqj2dbYBQz5dU4:H0s5etlEGG+SFYqz5S
Score10/10-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-