General
-
Target
d738f74cd537c3758524c31a16fbc239.exe
-
Size
917KB
-
Sample
231111-jktw4sce4v
-
MD5
d738f74cd537c3758524c31a16fbc239
-
SHA1
971e9ab191e43dee2090ea5ccb0934103fed15ad
-
SHA256
c06acebb9764a806c9094a4efc1f811d5041ffe29e92378cccc32b73cb69d101
-
SHA512
71430d3cedc2370964bf7667b5cc06a135ca1e534ddfd84e21c0512bb0be22096b3d3c3bfd1a4c2d0163c5fb864bd0ab7c3b99da4f56e6952bf8618dcc62c56b
-
SSDEEP
12288:PMrPy90QFaKIK9Zczaex4IC5CpCPHGH9PLvTMXiYQPD0vISBWLEQqaQ+Iv3H/nCF:AyHFcoIaeuIs+C/G5LYD3QLEQJa3/Up
Static task
static1
Behavioral task
behavioral1
Sample
d738f74cd537c3758524c31a16fbc239.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
redline
taiga
5.42.92.51:19057
Targets
-
-
Target
d738f74cd537c3758524c31a16fbc239.exe
-
Size
917KB
-
MD5
d738f74cd537c3758524c31a16fbc239
-
SHA1
971e9ab191e43dee2090ea5ccb0934103fed15ad
-
SHA256
c06acebb9764a806c9094a4efc1f811d5041ffe29e92378cccc32b73cb69d101
-
SHA512
71430d3cedc2370964bf7667b5cc06a135ca1e534ddfd84e21c0512bb0be22096b3d3c3bfd1a4c2d0163c5fb864bd0ab7c3b99da4f56e6952bf8618dcc62c56b
-
SSDEEP
12288:PMrPy90QFaKIK9Zczaex4IC5CpCPHGH9PLvTMXiYQPD0vISBWLEQqaQ+Iv3H/nCF:AyHFcoIaeuIs+C/G5LYD3QLEQJa3/Up
Score10/10-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-