General
Target: 5c7433de6e2b0d06b40505b52833992e5f8548b44ab90de2fd26b57542413fb9
Size: 1.3MB
Sample: 231111-hch9zadd66
MD5: 0226771a6d4b8f27624111695818dac0
SHA1: c651afa8827ba8f7182b7d311a02c33225b2a3d1
SHA256: 5c7433de6e2b0d06b40505b52833992e5f8548b44ab90de2fd26b57542413fb9
SHA512: 732f5b12a2248f553dbf6bc48031e2ca0a2695412271ba689c77b67512684e0ceacede5a48092d1f9d7e9bc1e71359b192b0c9d44c96246d43acbba21eeefc81
SSDEEP: 24576:6yD3OI4pYx8aegIsTCQGc96DREIHe2us/stRP8bsyHXzeNVx:B7OvEenQ5GTSIHis/sniJ36N
Static task: static1
Behavioral task: behavioral1
Sample: 5c7433de6e2b0d06b40505b52833992e5f8548b44ab90de2fd26b57542413fb9.exe
Resource: win10v2004-20231020-en
Malware Config
Extracted
Family: redline
Botnet: taiga
C2: 5.42.92.51:19057
Targets
Target: 5c7433de6e2b0d06b40505b52833992e5f8548b44ab90de2fd26b57542413fb9
- Detect Mystic stealer payload
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext