General
Target: abb36a5714f1394a0c768ff83491ec8abccb1a4245fad7113dee3915067d92c1
Size: 1.3MB
Sample: 231112-b1t8tacc61
MD5: 19c04474cb59dc28d2c68a8e1f6f1334
SHA1: 93d7e070870c4d62cdfc4a219eee1004d8966a30
SHA256: abb36a5714f1394a0c768ff83491ec8abccb1a4245fad7113dee3915067d92c1
SHA512: b0963db13d42d0fa23e3a260201ad7cf177f089e6dcb106fe4a2cd716c45b0bb621afada3ab5853c0aac9421ca73d9ec15292c361b8c0b391971ff92e74a8297
SSDEEP: 24576:UyeOlb+ZXaIaeAIs3C7Gb33DHUCpNl8Yxvy6i1QlC2yzhyvF7XCpE+i:j9PxeHYcGz758Ypy0slzhyN7XCN
Static task: static1
Behavioral task: behavioral1
Sample: abb36a5714f1394a0c768ff83491ec8abccb1a4245fad7113dee3915067d92c1.exe
Resource: win10v2004-20231023-en
Malware Config
Extracted (redline): taiga, 5.42.92.51:19057
Targets
Target: abb36a5714f1394a0c768ff83491ec8abccb1a4245fad7113dee3915067d92c1
- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext