General
-
Target
703b92b81fab3a78856305ed878c105de5571c6655e61b0df16999724cb6f04e
-
Size
917KB
-
Sample
231111-jllxwsde73
-
MD5
16bc1fe543c26fb7565bb9f9557da4fc
-
SHA1
e4278b1e91740abd64c747ef573c994b06653544
-
SHA256
703b92b81fab3a78856305ed878c105de5571c6655e61b0df16999724cb6f04e
-
SHA512
e1f1b7462f07b34cba528c3721c4ff81121e34e5d8f9b1f90480ecbe607f0d20b29d0daa71df0c047512a26f2fb32c7b7c1dfa12fb661916fe4f8dfe66c8d415
-
SSDEEP
24576:4ypnjLvydaeuIsKC/GJLYDBSi6Pv9ej61Zy:/pnjLletjEGCNSPleK
Static task
static1
Behavioral task
behavioral1
Sample
703b92b81fab3a78856305ed878c105de5571c6655e61b0df16999724cb6f04e.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
redline
taiga
5.42.92.51:19057
Targets
-
-
Target
703b92b81fab3a78856305ed878c105de5571c6655e61b0df16999724cb6f04e
-
Size
917KB
-
MD5
16bc1fe543c26fb7565bb9f9557da4fc
-
SHA1
e4278b1e91740abd64c747ef573c994b06653544
-
SHA256
703b92b81fab3a78856305ed878c105de5571c6655e61b0df16999724cb6f04e
-
SHA512
e1f1b7462f07b34cba528c3721c4ff81121e34e5d8f9b1f90480ecbe607f0d20b29d0daa71df0c047512a26f2fb32c7b7c1dfa12fb661916fe4f8dfe66c8d415
-
SSDEEP
24576:4ypnjLvydaeuIsKC/GJLYDBSi6Pv9ej61Zy:/pnjLletjEGCNSPleK
Score10/10-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-