General
Target: 1c9ff9394f050e641023445185ab7f78.exe
Size: 522KB
Sample: 231111-jjncyade55
MD5: 1c9ff9394f050e641023445185ab7f78
SHA1: 28ded8853ffbe30202c59e3c365ed4cbd6924260
SHA256: 8fbb18ef24e9c8f05209909a7723fe076b478dde5b9385a1d23f0ad46a8751aa
SHA512: e7dd569295ac63cf60a832f1beae0a7333e59187f61fcf959be7112a6a7ba4033308d2a4908921c942ad2e44620e45be9d6c59d30ea8378d54c1779b2c94372e
SSDEEP: 12288:PMrRy906PlgSocnKVV93NED9J1Oip7mfsqg:ayHl73Kj9OpJ1Oip6sF
Static task: static1
Behavioral task: behavioral1
Sample: 1c9ff9394f050e641023445185ab7f78.exe
Resource: win10v2004-20231020-en
Malware Config
Extracted
redline
taiga
5.42.92.51:19057
Targets
Target: 1c9ff9394f050e641023445185ab7f78.exe
Score: 10/10
- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext