General
Target: 31303c625c6794a4249a51ba70d72ac4d1110eb197113bb5b6643f9fef95625f
Size: 917KB
Sample: 231111-hn5x4scd6t
MD5: 5e9126b7fd6d526b577ca8fa4edb1bb0
SHA1: a7ba5891b3a27daf9cce0028dc74c7c381f37c8a
SHA256: 31303c625c6794a4249a51ba70d72ac4d1110eb197113bb5b6643f9fef95625f
SHA512: c72e7fee0e9690bc16b6acd90026177b1fbf4bb75ad79973ded75953a541edd356d81ff20055eaeb87a4e61f33bbdd8e7fe0d7d1ee07f9aa6e7096ba66e8704a
SSDEEP: 24576:jylciLyFaeuIsCC/GvLYDDJPnY3asX2+P:2GiL/etjEGU5Yv2
Static task: static1
Behavioral task: behavioral1
Sample: 31303c625c6794a4249a51ba70d72ac4d1110eb197113bb5b6643f9fef95625f.exe
Resource (sandbox image): win10-20231020-en
Malware Config
Extracted
Family: redline
Botnet: taiga
C2: 5.42.92.51:19057
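The extracted RedLine configuration and the sample hashes above are the indicators an analyst would pivot on. The following Python is an added example, not part of the sandbox report and not RedLine tooling: it matches the C2 socket against constructed Zeek-style conn.log lines and the file hashes against constructed Sysmon-style process-creation lines. The log lines, their field order and the image path are assumptions made up for the demonstration; only the IOC values come from the report. Connections to the C2 address on a different port are reported separately from exact socket matches, because a host:port config establishes only that one socket and the address may be shared hosting.

```python
"""Match the IOCs from this report (C2 socket, sample hashes) against log lines.

Added example for illustration; the log samples below are constructed, not
captured from the sandbox run.
"""
import re

# IOC values taken from the report above.
C2_HOST, C2_PORT = "5.42.92.51", 19057
SAMPLE_HASHES = {
    "md5": "5e9126b7fd6d526b577ca8fa4edb1bb0",
    "sha1": "a7ba5891b3a27daf9cce0028dc74c7c381f37c8a",
    "sha256": "31303c625c6794a4249a51ba70d72ac4d1110eb197113bb5b6643f9fef95625f",
}

# Constructed Zeek-style conn.log lines (assumed field order:
# ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto).
CONN_LOG = """\
1699700000.100000\tCabc1\t10.0.0.5\t51234\t5.42.92.51\t19057\ttcp
1699700001.200000\tCabc2\t10.0.0.5\t51235\t93.184.216.34\t443\ttcp
1699700002.300000\tCabc3\t10.0.0.7\t51300\t5.42.92.51\t80\ttcp
"""

# Constructed Sysmon-style process-creation lines; image path is hypothetical.
SYSMON_LOG = """\
Image: C:\\Users\\victim\\AppData\\Local\\Temp\\build.exe Hashes: MD5=5E9126B7FD6D526B577CA8FA4EDB1BB0,SHA256=31303C625C6794A4249A51BA70D72AC4D1110EB197113BB5B6643F9FEF95625F
Image: C:\\Windows\\System32\\notepad.exe Hashes: MD5=00000000000000000000000000000000,SHA256=1111111111111111111111111111111111111111111111111111111111111111
"""

HASHES_RE = re.compile(r"Image:\s*(?P<image>.+?)\s+Hashes:\s*(?P<hashes>\S+)")


def parse_hashes(field_value):
    """Turn a Sysmon 'MD5=..,SHA256=..' field into {algo: lowercase digest}."""
    out = {}
    for item in field_value.split(","):
        if "=" in item:
            algo, digest = item.split("=", 1)
            out[algo.strip().lower()] = digest.strip().lower()
    return out


def match_hashes(log_text, iocs=SAMPLE_HASHES):
    """Return one hit per log line whose hashes agree with any known digest."""
    hits = []
    for line in log_text.splitlines():
        m = HASHES_RE.search(line)
        if not m:
            continue
        seen = parse_hashes(m.group("hashes"))
        matched = sorted(algo for algo, digest in seen.items() if iocs.get(algo) == digest)
        if matched:
            hits.append({"image": m.group("image"), "algorithms": matched})
    return hits


def match_conn_log(log_text, host=C2_HOST, port=C2_PORT):
    """Split matches into exact C2 socket hits and same-address/other-port hits.

    The second list is lower confidence: the config names one socket, and the
    address may host unrelated services.
    """
    exact, host_only = [], []
    for line in log_text.splitlines():
        fields = line.split("\t")
        if len(fields) < 7:
            continue
        _ts, uid, src, _sport, dst, dport, _proto = fields[:7]
        if dst != host:
            continue
        record = {"uid": uid, "src": src, "dst": dst, "dport": int(dport)}
        (exact if int(dport) == port else host_only).append(record)
    return exact, host_only


if __name__ == "__main__":
    exact, host_only = match_conn_log(CONN_LOG)
    print("C2 socket hits:", exact)
    print("Same address, other port:", host_only)
    print("Hash hits:", match_hashes(SYSMON_LOG))
```

Run as a script it prints one exact C2 hit (uid Cabc1), one same-address hit on port 80 (uid Cabc3) and one hash hit on the hypothetical build.exe; to use it for real, replace the constructed strings with the contents of your own conn.log and Sysmon exports.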
Targets
Target: 31303c625c6794a4249a51ba70d72ac4d1110eb197113bb5b6643f9fef95625f
Size: 917KB
MD5: 5e9126b7fd6d526b577ca8fa4edb1bb0
SHA1: a7ba5891b3a27daf9cce0028dc74c7c381f37c8a
SHA256: 31303c625c6794a4249a51ba70d72ac4d1110eb197113bb5b6643f9fef95625f
SHA512: c72e7fee0e9690bc16b6acd90026177b1fbf4bb75ad79973ded75953a541edd356d81ff20055eaeb87a4e61f33bbdd8e7fe0d7d1ee07f9aa6e7096ba66e8704a
SSDEEP: 24576:jylciLyFaeuIsCC/GvLYDDJPnY3asX2+P:2GiL/etjEGU5Yv2
Signatures
Detect Mystic stealer payload
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
Executes dropped EXE
Adds Run key to start application
AutoIT Executable: AutoIT scripts compiled to PE executables.
Suspicious use of SetThreadContext