General
-
Target
72d74e0d2fde67e2d12ae2faa727d015f30250f861ebf9bb5c70496a8d58e174
-
Size
917KB
-
Sample
231111-kpfeysdf83
-
MD5
a8fb75a3a9dbfe0112e8030d70cb6133
-
SHA1
0b3f1c1312d7cd73739164416419b914df721c5b
-
SHA256
72d74e0d2fde67e2d12ae2faa727d015f30250f861ebf9bb5c70496a8d58e174
-
SHA512
a83ed10fef81c8e066227e8e7b5f62b6a03b05910d9249d5eed0a336ff8b0ce5ad985c63cc0f0cd14a5b598aaa338c1e98a450cced53fdaa3824486435a5ba34
-
SSDEEP
12288:0MrAy90x3sGLNAZs1Oaex4IC5mpCPHGhtPLvTMXiYQRD2ZuUeVkEpcpCKHilSYaz:cyamTaeuIsyC/GfLYDbEQHhfTA36N
Static task
static1
Behavioral task
behavioral1
Sample
72d74e0d2fde67e2d12ae2faa727d015f30250f861ebf9bb5c70496a8d58e174.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
redline
taiga
5.42.92.51:19057
Targets
-
-
Target
72d74e0d2fde67e2d12ae2faa727d015f30250f861ebf9bb5c70496a8d58e174
-
Size
917KB
-
MD5
a8fb75a3a9dbfe0112e8030d70cb6133
-
SHA1
0b3f1c1312d7cd73739164416419b914df721c5b
-
SHA256
72d74e0d2fde67e2d12ae2faa727d015f30250f861ebf9bb5c70496a8d58e174
-
SHA512
a83ed10fef81c8e066227e8e7b5f62b6a03b05910d9249d5eed0a336ff8b0ce5ad985c63cc0f0cd14a5b598aaa338c1e98a450cced53fdaa3824486435a5ba34
-
SSDEEP
12288:0MrAy90x3sGLNAZs1Oaex4IC5mpCPHGhtPLvTMXiYQRD2ZuUeVkEpcpCKHilSYaz:cyamTaeuIsyC/GfLYDbEQHhfTA36N
-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-