General

Target: 8eb3efa49b857c1d9f0e209348623220d1b4b2429c911e7fab1661a15b8626a2
Size: 917KB
Sample: 231111-jy6stscf3w
MD5: e0b2090119402c00eb7d3287e551c452
SHA1: c490eb2aab6dad6fb8757cd4a00b29a6c1f21527
SHA256: 8eb3efa49b857c1d9f0e209348623220d1b4b2429c911e7fab1661a15b8626a2
SHA512: b31fd7ddf96c9168860dc7416831d49b38f8be73261e471748330cd4e1a2999f7092c4d983c773b837ca5718a11fd558efb1b5c4acd80c134e6cbb05c09acae6
SSDEEP: 12288:CMrGy90uUk3KbOnZNd35aex4IC56pCPHGnnPLvTMXiYQVD4j6UeF3iEGCtNjp5Lg:4y1UeZ75aeuIsGC/GzLYD0jLLa8fEuU

Static task: static1
Behavioral task: behavioral1
Sample: 8eb3efa49b857c1d9f0e209348623220d1b4b2429c911e7fab1661a15b8626a2.exe
Resource: win10v2004-20231025-en
Malware Config (extracted)

Family: redline
Botnet: taiga
C2: 5.42.92.51:19057
Targets

Target: 8eb3efa49b857c1d9f0e209348623220d1b4b2429c911e7fab1661a15b8626a2
Score: 10/10

Signatures:
- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application (persistence via an autostart registry value)
- AutoIT Executable: AutoIT scripts compiled to PE executables, here acting as the wrapper around the actual payload.
- Suspicious use of SetThreadContext (commonly used to redirect a suspended thread into injected code, as in process hollowing)
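The extracted C2 endpoint and the "Adds Run key" signature are the two indicators from this report that a defender can hunt for directly. The following script is an added example, not part of the sandbox report: it replays constructed Sysmon-style event records (not telemetry captured from this run) against the C2 endpoint, the sample hashes and Run-key persistence, and grades each image by how strong its evidence is. The key=value field names (event, image, hashes, target, details, dst_ip, dst_port) are an assumed export format rather than Sysmon's own XML.

```python
"""IOC hunt for the indicators in this report.

Added example, not part of the sandbox report. Replays constructed
Sysmon-style records (NOT telemetry captured from the run) against the
C2 endpoint, the sample hashes and the Run-key persistence listed above.
Field names (event, image, hashes, target, details, dst_ip, dst_port) are
an assumed key=value export format, not Sysmon's XML schema.
"""
import re
from dataclasses import dataclass

# Indicators copied from the report.
C2_IP = "5.42.92.51"
C2_PORT = "19057"
SAMPLE_HASHES = {
    "md5": "e0b2090119402c00eb7d3287e551c452",
    "sha1": "c490eb2aab6dad6fb8757cd4a00b29a6c1f21527",
    "sha256": "8eb3efa49b857c1d9f0e209348623220d1b4b2429c911e7fab1661a15b8626a2",
}

# Autostart value paths behind the "Adds Run key" signature (HKU/HKCU and HKLM,
# including the 32-bit view under Wow6432Node).
RUN_KEY_RE = re.compile(
    r"\\Software\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$",
    re.IGNORECASE,
)

# Constructed telemetry: three lines mirror the reported behaviour (known hash,
# Run key write, C2 connection); the others are benign noise or near misses.
SAMPLE_EVENTS = [
    'event=1 image="C:\\Users\\user\\Downloads\\setup.exe" '
    'hashes="MD5=E0B2090119402C00EB7D3287E551C452,'
    'SHA256=8EB3EFA49B857C1D9F0E209348623220D1B4B2429C911E7FAB1661A15B8626A2"',
    'event=1 image="C:\\Windows\\System32\\notepad.exe" '
    'hashes="SHA256=0000000000000000000000000000000000000000000000000000000000000000"',
    'event=13 image="C:\\Users\\user\\Downloads\\setup.exe" '
    'target="HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater" '
    'details="C:\\Users\\user\\AppData\\Roaming\\Updater.exe"',
    'event=13 image="C:\\Windows\\System32\\svchost.exe" '
    'target="HKLM\\System\\CurrentControlSet\\Services\\BITS\\Start" details="3"',
    'event=3 image="C:\\Users\\user\\AppData\\Roaming\\Updater.exe" '
    'dst_ip=5.42.92.51 dst_port=19057 proto=tcp',
    'event=3 image="C:\\Program Files\\Mozilla Firefox\\firefox.exe" '
    'dst_ip=5.42.92.51 dst_port=443 proto=tcp',
]


@dataclass(frozen=True)
class Hit:
    kind: str    # c2_endpoint | c2_host | known_hash | run_key_persistence
    image: str
    detail: str


def parse_event(line: str) -> dict:
    """Split a key=value line; quoted values may contain spaces and backslashes."""
    fields = {}
    for key, value in re.findall(r'(\w+)=("[^"]*"|\S+)', line):
        fields[key.lower()] = value.strip('"')
    return fields


def parse_hashes(field: str) -> dict:
    """'MD5=..,SHA256=..' -> {'md5': '..', 'sha256': '..'}, lower-cased."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, digest = part.split("=", 1)
            out[algo.strip().lower()] = digest.strip().lower()
    return out


def check_event(fields: dict) -> list:
    """Return every indicator match for one event record."""
    hits = []
    image = fields.get("image", "?")
    event = fields.get("event")
    if event == "1" and "hashes" in fields:                       # process create
        for algo, digest in parse_hashes(fields["hashes"]).items():
            if SAMPLE_HASHES.get(algo) == digest:
                hits.append(Hit("known_hash", image, f"{algo}={digest}"))
    elif event == "13" and RUN_KEY_RE.search(fields.get("target", "")):  # registry set
        hits.append(Hit("run_key_persistence", image,
                        f'{fields["target"]} -> {fields.get("details", "")}'))
    elif event == "3" and fields.get("dst_ip") == C2_IP:          # network connect
        endpoint = f'{fields["dst_ip"]}:{fields.get("dst_port", "?")}'
        # Exact ip:port is the reported endpoint; the bare IP is weaker evidence.
        kind = "c2_endpoint" if fields.get("dst_port") == C2_PORT else "c2_host"
        hits.append(Hit(kind, image, endpoint))
    return hits


def hunt(lines) -> list:
    hits = []
    for line in lines:
        hits.extend(check_event(parse_event(line)))
    return hits


def triage(hits) -> dict:
    """Per-image verdict. A known hash or the exact C2 endpoint is 'malicious';
    a Run key alone, or only the C2 host on another port, stays 'suspicious'."""
    verdicts = {}
    for hit in hits:
        if hit.kind in ("known_hash", "c2_endpoint"):
            verdicts[hit.image] = "malicious"
        else:
            verdicts.setdefault(hit.image, "suspicious")
    return verdicts


if __name__ == "__main__":
    for hit in hunt(SAMPLE_EVENTS):
        print(f"{hit.kind:20} {hit.image}  {hit.detail}")
    print(triage(hunt(SAMPLE_EVENTS)))
```

Run against real telemetry, the hash and exact-endpoint matches are safe to alert on as-is; Run key writes are noisy on their own (installers and updaters use them legitimately), which is why the verdict logic only promotes an image on the stronger indicators.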