General
Target
94c5dec3dc55d94342b86817f62b2e58.exe
Size
1.3MB
Sample
231111-kyv7rscg51
MD5
94c5dec3dc55d94342b86817f62b2e58
SHA1
962bb43fd963eda46507436b1ed5d5d4b0d2a49e
SHA256
8e2397869f3ddac2b5daa8972947bb1768b8a349d9077276876cc7d77d2ecf1a
SHA512
8a07d1bf8ec4a46816076124629e93169f505c1a91eba9b7a6f870d0786c11204448ef383b6da8ba424508f9294720a6d9d887789c68a99d47fe0ab48249fadc
SSDEEP
24576:8yACdIZCO4EKaetIs8CsG470DDm/BtemVzNt2HUCGViv1mhbW2FKMWWB3h31I:rAYIZCSjee1fG1vmjeWR49G0Y6Yj1hF
Static task
static1
Behavioral task
behavioral1
Sample
94c5dec3dc55d94342b86817f62b2e58.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
Family
redline
Botnet
taiga
C2
5.42.92.51:19057
Targets
Target
94c5dec3dc55d94342b86817f62b2e58.exe
Detect Mystic stealer payload
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
A value written under ...\Software\Microsoft\Windows\CurrentVersion\Run relaunches the dropped executable at every logon of that user; this is the sample's persistence mechanism.
AutoIT Executable
AutoIT scripts compiled to PE executables. The compiled script is embedded in the stub and can be recovered with an AutoIt decompiler, which is usually the quickest route to the loader logic.
Suspicious use of SetThreadContext
Rewriting another process's thread context with SetThreadContext is the final step of process hollowing: a legitimate process is created suspended, its image is replaced with the payload, the thread's entry point is redirected, and the thread is resumed. Seen together with "Executes dropped EXE", it suggests the RedLine payload runs inside a hollowed host process rather than under its own file name.
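As an added example, not part of this sandbox report, the script below turns the report's indicators into something a responder can run: it hashes a file with the four algorithms listed above and reports which digests match, and it runs a small detector for the three behaviours the signatures describe (child process of the sample, Run key write, connection to the extracted C2) over Sysmon-style events. The events are constructed for the example; field names follow Sysmon's (EventID, Image, ParentImage, TargetObject, DestinationIp, DestinationPort) but the pipe-delimited layout is a simplification, and the benign connection uses a documentation-range address. SSDEEP is omitted because it needs a non-standard-library module; everything here is standard library only.

```python
"""IOC sweep for the sample in this report: hash matching plus a small
behavioural detector over Sysmon-style events. Added example, not part of
the sandbox report; standard library only."""
import hashlib
import re

# Indicators copied from the report above.
SAMPLE_NAME = "94c5dec3dc55d94342b86817f62b2e58.exe"
REPORT_HASHES = {
    "md5": "94c5dec3dc55d94342b86817f62b2e58",
    "sha1": "962bb43fd963eda46507436b1ed5d5d4b0d2a49e",
    "sha256": "8e2397869f3ddac2b5daa8972947bb1768b8a349d9077276876cc7d77d2ecf1a",
    "sha512": "8a07d1bf8ec4a46816076124629e93169f505c1a91eba9b7a6f870d0786c1120"
              "4448ef383b6da8ba424508f9294720a6d9d887789c68a99d47fe0ab48249fadc",
}
C2_HOST, C2_PORT = "5.42.92.51", "19057"   # RedLine C2 from the extracted config

# Matches value writes under ...\CurrentVersion\Run and \RunOnce.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)


def digest_bytes(data):
    """Hex digests of an in-memory buffer, one per algorithm in the report."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def digest_file(path, chunk_size=1 << 20):
    """Hex digests of a file, read in chunks so large samples fit in memory."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches_report(digests):
    """Names of the algorithms whose digest equals the value in the report."""
    return sorted(n for n, v in digests.items() if REPORT_HASHES.get(n) == v.lower())


# Constructed Sysmon-like events (field names follow Sysmon; the pipe-delimited
# layout is a simplification for this example). Event IDs: 1 = process create,
# 3 = network connection, 13 = registry value set. 203.0.113.10 is a
# documentation-range address standing in for benign traffic.
SAMPLE_LOG = r"""
EventID=1|Image=C:\Users\victim\Downloads\94c5dec3dc55d94342b86817f62b2e58.exe|ParentImage=C:\Windows\explorer.exe
EventID=1|Image=C:\Users\victim\AppData\Local\Temp\dropped.exe|ParentImage=C:\Users\victim\Downloads\94c5dec3dc55d94342b86817f62b2e58.exe
EventID=13|Image=C:\Users\victim\AppData\Local\Temp\dropped.exe|TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\updater|Details=C:\Users\victim\AppData\Local\Temp\dropped.exe
EventID=3|Image=C:\Users\victim\AppData\Local\Temp\dropped.exe|DestinationIp=5.42.92.51|DestinationPort=19057
EventID=3|Image=C:\Program Files\Mozilla Firefox\firefox.exe|DestinationIp=203.0.113.10|DestinationPort=443
"""


def parse_event(line):
    """Split 'k=v|k=v' into a dict; values may contain spaces and backslashes."""
    fields = {}
    for part in line.split("|"):
        key, _, value = part.partition("=")
        fields[key] = value
    return fields


def detect(log_text):
    """Return (rule, image) pairs for events matching the report's behaviours."""
    alerts = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ev = parse_event(raw)
        eid, image = ev.get("EventID"), ev.get("Image", "")
        parent = ev.get("ParentImage", "").lower()
        if eid == "1" and parent.endswith("\\" + SAMPLE_NAME):
            alerts.append(("executes_dropped_exe", image))   # child spawned by the sample
        elif eid == "13" and RUN_KEY_RE.search(ev.get("TargetObject", "")):
            alerts.append(("run_key_persistence", image))
        elif eid == "3" and (ev.get("DestinationIp"), ev.get("DestinationPort")) == (C2_HOST, C2_PORT):
            alerts.append(("redline_c2_contact", image))
    return alerts


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        print(path, matches_report(digest_file(path)) or "no hash match")
    for rule, image in detect(SAMPLE_LOG):
        print(f"{rule:22s} {image}")
```

Run it with one or more file paths to check them against the report's digests; with no arguments it only replays the constructed events, which yield one alert each for the dropped-EXE execution, the Run key write and the C2 connection. The C2 rule keys on the exact host and port from the extracted config, so it is precise but brittle; a production rule would also watch for the same process reaching any high port on an address not seen before.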