General
Target: d9d20a0e096ccbb133ff8f3820ea69d2a060c277c37b0ea0653cea8f16b93b7c
Size: 917KB
Sample: 231111-j41trsdf49
MD5: 952f92d0033af2b56f4987194ab4f93c
SHA1: dcd88d37d13768d91fd8fe09d6f80fbf2398adf1
SHA256: d9d20a0e096ccbb133ff8f3820ea69d2a060c277c37b0ea0653cea8f16b93b7c
SHA512: 6e4f23cf76222e34518fee9bd22d0d0d0365a1a1da4ad069f77939e66cadf77cf19cf8868a4446cafe1417ca41e0654993179e05fad4039d2e10f0b515db2580
SSDEEP: 24576:uyvM3qVR+giSiaLaeuIsuC/GFLYDKSki73ivn30EkDa:9U3qV8gUaOetREG+GSv3i/30
Static task: static1
Behavioral task: behavioral1
Sample: d9d20a0e096ccbb133ff8f3820ea69d2a060c277c37b0ea0653cea8f16b93b7c.exe
Resource: win10v2004-20231020-en
Malware Config (extracted)
Family: redline
Botnet: taiga
C2: 5.42.92.51:19057
Targets
Target: d9d20a0e096ccbb133ff8f3820ea69d2a060c277c37b0ea0653cea8f16b93b7c (917KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
Score: 10/10
- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext