General
Target: 1ca2969c6fb4e26e38a68fc66a07d3aaa2030064a76cdbd402a88d07f8d56580
Size: 1.3MB
Sample: 231111-hhrhjadd78
MD5: bd3e51c149b921956125129576c3c6e8
SHA1: 3d0c61485277b075dc734c4c3840db9225f314e9
SHA256: 1ca2969c6fb4e26e38a68fc66a07d3aaa2030064a76cdbd402a88d07f8d56580
SHA512: 39bb93f37e23259649ed79cc4ca1ef26166434f5d42bd18293aabb341b4fa60decdaf42bc0f6ed460d16bb49cf5740887b56956f1d05bdafca5ebe1fb160c6ad
SSDEEP: 24576:7yP4VR1jMZlgae6IshCSGUSRD7fjqxfZUPQReK+mlsm:uPGjMZl5eBEZG1ifd+mls
Static task: static1
Behavioral task: behavioral1
Sample: 1ca2969c6fb4e26e38a68fc66a07d3aaa2030064a76cdbd402a88d07f8d56580.exe
Resource: win10v2004-20231020-en
Malware Config
Extracted
redline
taiga
5.42.92.51:19057
Targets
Target: 1ca2969c6fb4e26e38a68fc66a07d3aaa2030064a76cdbd402a88d07f8d56580
- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext