General
-
Target
3391a8f0517f09fbcbbcac7803c3a1f7bd03916e42d0b78f30d08a9423944a5f
-
Size
1.3MB
-
Sample
231111-tvd9hsae29
-
MD5
263b7f36ca73ed9934dabe921efeda12
-
SHA1
e73f96f9fa290d4c4eb5e7ff9d08e56663800100
-
SHA256
3391a8f0517f09fbcbbcac7803c3a1f7bd03916e42d0b78f30d08a9423944a5f
-
SHA512
000ff7770fbdb3884242a9ba30b1d35832f62db671631bcb2c3f4fdb5440b7de4252f7615768aa2f0446ae7992ae5c3f750decc2dc5b915707c1e6c4be5470f6
-
SSDEEP
24576:jyM0dZAZT91wsaePIsiCMG+QsDRJj6F+06bf6Wv+7wX4P1OWCN/VAI6g/:2MeEp61egR/G49N6c06e7mK0H/VT
Static task
static1
Behavioral task
behavioral1
Sample
3391a8f0517f09fbcbbcac7803c3a1f7bd03916e42d0b78f30d08a9423944a5f.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
redline
taiga
5.42.92.51:19057
Targets
-
-
Target
3391a8f0517f09fbcbbcac7803c3a1f7bd03916e42d0b78f30d08a9423944a5f
-
Size
1.3MB
-
MD5
263b7f36ca73ed9934dabe921efeda12
-
SHA1
e73f96f9fa290d4c4eb5e7ff9d08e56663800100
-
SHA256
3391a8f0517f09fbcbbcac7803c3a1f7bd03916e42d0b78f30d08a9423944a5f
-
SHA512
000ff7770fbdb3884242a9ba30b1d35832f62db671631bcb2c3f4fdb5440b7de4252f7615768aa2f0446ae7992ae5c3f750decc2dc5b915707c1e6c4be5470f6
-
SSDEEP
24576:jyM0dZAZT91wsaePIsiCMG+QsDRJj6F+06bf6Wv+7wX4P1OWCN/VAI6g/:2MeEp61egR/G49N6c06e7mK0H/VT
-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-