General
Target: d2c3332fba4108497746331a10bec457df1d3aa04bf0ac760679b5cf84dcc9a5
Size: 917KB
Sample: 231111-kgtbvadf74
MD5: 2ac50a2b4dcb3d922bbd74eafcf0132a
SHA1: cdfe4168f9b360a5070fe8985e80ffc49d73e6b6
SHA256: d2c3332fba4108497746331a10bec457df1d3aa04bf0ac760679b5cf84dcc9a5
SHA512: 70113ef2c4bbcee9dec4e4291750f7f119e6f797982796c325d9ee77dc25725de8243dbbacefb2695a14db073abf85c47e6bacb57de0f04fe6f3ffe0140d804f
SSDEEP: 24576:ey4C4Pj7HdiaeuIsKC/GPLYDb+E3c8KqmPekCQ:tH4Pj7NetrEG0vB7+
Static task: static1
Behavioral task: behavioral1
Sample: d2c3332fba4108497746331a10bec457df1d3aa04bf0ac760679b5cf84dcc9a5.exe
Resource: win10v2004-20231023-en
Malware Config
Extracted:
- redline
- taiga
- 5.42.92.51:19057
Targets
Target: d2c3332fba4108497746331a10bec457df1d3aa04bf0ac760679b5cf84dcc9a5
Size: 917KB
MD5: 2ac50a2b4dcb3d922bbd74eafcf0132a
SHA1: cdfe4168f9b360a5070fe8985e80ffc49d73e6b6
SHA256: d2c3332fba4108497746331a10bec457df1d3aa04bf0ac760679b5cf84dcc9a5
SHA512: 70113ef2c4bbcee9dec4e4291750f7f119e6f797982796c325d9ee77dc25725de8243dbbacefb2695a14db073abf85c47e6bacb57de0f04fe6f3ffe0140d804f
SSDEEP: 24576:ey4C4Pj7HdiaeuIsKC/GPLYDb+E3c8KqmPekCQ:tH4Pj7NetrEG0vB7+
- Detect Mystic stealer payload
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext