General
-
Target
9a7a93c82af1bc82f9e33fee5dba3fb5.exe
-
Size
1.3MB
-
Sample
231111-wwe9babd37
-
MD5
9a7a93c82af1bc82f9e33fee5dba3fb5
-
SHA1
69ae897becac34569430b093eb6e18ad11f4ddc4
-
SHA256
87f4e7aeaed65193abfef68ae23e7fd9cda4aba4785d74b5e0011c97e59c5cb8
-
SHA512
fefae89437073cd2213dcc062ed3d9ec23cd1277cacc4467f4d053bcc670908de186a4d68a9c5dcb7a5f730250e3e5ea62eef6f991ecd6e8dd627033315591b3
-
SSDEEP
24576:IyGPL/R6hZM9aexIs7CHGC/IDFLK2aqqz1mL/kpRhtD/gkBjY7:P+7Ryi4eqQ6GbJKaqJmKFz8
Static task
static1
Behavioral task
behavioral1
Sample
9a7a93c82af1bc82f9e33fee5dba3fb5.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
Family
redline
Botnet
taiga
C2
5.42.92.51:19057
Targets
-
Target
9a7a93c82af1bc82f9e33fee5dba3fb5.exe
-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
SetThreadContext on another process's thread is the API pattern used by process hollowing and similar code-injection techniques to redirect execution into attacker-written memory.
-
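The indicators in this report (file hashes, the extracted C2 endpoint) and the behavioural signatures listed above map directly onto checks a responder can run. The following Python is an added example, not sandbox output or code from the report: the hash and C2 values are copied from the sections above, while the `Event` class, the Sysmon-style records and the dropped-file name `update.exe` are constructed here to illustrate the checks.

```python
"""Match the report's IOCs against a file and Sysmon-like host/network events.
IOC values come from the report; the event records below are constructed."""
import hashlib
import ipaddress
from dataclasses import dataclass, field

# Indicators copied from the report (General / Malware Config sections).
IOC_HASHES = {
    "md5": "9a7a93c82af1bc82f9e33fee5dba3fb5",
    "sha1": "69ae897becac34569430b093eb6e18ad11f4ddc4",
    "sha256": "87f4e7aeaed65193abfef68ae23e7fd9cda4aba4785d74b5e0011c97e59c5cb8",
}
IOC_C2 = "5.42.92.51:19057"  # RedLine C2 for botnet "taiga", from the extracted config

# Directories a first-stage loader typically drops its payload into (assumption).
DROP_DIRS = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\programdata\\")


def digests(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 of a byte string, lower-case hex, keyed like IOC_HASHES."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def hash_matches(data: bytes, iocs: dict = IOC_HASHES) -> list:
    """Names of the digest algorithms under which `data` matches the IOC set."""
    d = digests(data)
    return [alg for alg, hexval in iocs.items() if d.get(alg) == hexval.lower()]


def parse_c2(c2: str) -> tuple:
    """Split a 'host:port' config string and validate both halves."""
    host, _, port = c2.rpartition(":")
    ip = ipaddress.ip_address(host)          # ValueError on a malformed host
    port = int(port)
    if not 0 < port < 65536:
        raise ValueError(f"bad port in C2 string: {c2!r}")
    return str(ip), port


@dataclass
class Event:
    """Minimal Sysmon-like record (constructed for this example)."""
    kind: str                   # "registry", "process" or "network"
    image: str                  # image path of the acting process
    data: dict = field(default_factory=dict)


def detect(events) -> list:
    """Map the report's behavioural signatures onto event checks.
    Returns (signature, acting image) pairs in event order."""
    c2_ip, c2_port = parse_c2(IOC_C2)
    hits = []
    for ev in events:
        if ev.kind == "registry":
            # Sysmon's TargetObject carries the value name, so test the parent key path.
            key = ev.data.get("key", "").lower().rstrip("\\") + "\\"
            if "\\currentversion\\run\\" in key:
                hits.append(("Adds Run key to start application", ev.image))
        elif ev.kind == "process":
            child = ev.data.get("child_image", "").lower()
            if child.endswith(".exe") and any(d in child for d in DROP_DIRS):
                hits.append(("Executes dropped EXE", ev.image))
        elif ev.kind == "network":
            if ev.data.get("dst_ip") == c2_ip and ev.data.get("dst_port") == c2_port:
                hits.append(("Connects to RedLine C2 from extracted config", ev.image))
    return hits


# Constructed events: the sample drops and runs a second EXE, which persists and beacons.
SAMPLE_EVENTS = [
    Event("process", "C:\\Users\\victim\\Downloads\\9a7a93c82af1bc82f9e33fee5dba3fb5.exe",
          {"child_image": "C:\\Users\\victim\\AppData\\Local\\Temp\\update.exe"}),
    Event("registry", "C:\\Users\\victim\\AppData\\Local\\Temp\\update.exe",
          {"key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\update"}),
    Event("network", "C:\\Users\\victim\\AppData\\Local\\Temp\\update.exe",
          {"dst_ip": "5.42.92.51", "dst_port": 19057}),
    Event("network", "C:\\Windows\\System32\\svchost.exe",
          {"dst_ip": "13.107.4.50", "dst_port": 443}),   # benign, must not fire
]

if __name__ == "__main__":
    for sig, img in detect(SAMPLE_EVENTS):
        print(f"{sig:48s} <- {img}")
```

The hash check is only useful against the exact file; a repacked build of the same loader will have different digests but will still produce the same registry, process and network behaviour, so the `detect` checks are the ones worth keeping as detection logic.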