General
Target: 3989b9cdb7533f6a4224d826075e7b68.bin
Size: 874KB
Sample: 231112-b6c7gsda59
MD5: f629a3a51d795b0ea7f303d50b7b1829
SHA1: 32773e1b27ddb9da65c478a13a74b71db438660c
SHA256: 34758a656b5349e7b5ebea3db962a0ee6593b013d42cafae079fc6135727baf4
SHA512: 8d970d843024de3f86338978c2e6ce0074d82e7ac4a160115c0940ae7697e60a87b92b9f031e31f1e73bc3e5f1630f0a5635f0b166cf1398eac70241689a51a4
SSDEEP: 24576:pRN87rWCKiLWCPUUkR7fEYaM1INTuiZUBlpaUmEK:nNmZLWT4g1IN6KUrpaUK
Static task: static1
Behavioral task: behavioral1
Sample: df5f1034f8c58e4a3cccabb50947abc1d1e6ddd774b5cd294176870cfab130ae.exe
Resource: win10v2004-20231023-en

Malware Config
Extracted
Family: redline
Botnet: taiga
C2: 5.42.92.51:19057
Targets
Target: df5f1034f8c58e4a3cccabb50947abc1d1e6ddd774b5cd294176870cfab130ae.exe
Size: 917KB
MD5: 3989b9cdb7533f6a4224d826075e7b68
SHA1: 4979fe0fa01235312253ae25af744a6c16230d00
SHA256: df5f1034f8c58e4a3cccabb50947abc1d1e6ddd774b5cd294176870cfab130ae
SHA512: 413e7878802b4770b16c522dd0022b21de285f6824c5e93dd0edf19982fc2bfdfd24aa924912bfbfcbfe3ee6c022d526a7e4b6ca621fce8f916ad8966f9428db
SSDEEP: 24576:kybY+TVcaeuIsqC/G5LYD/iNm3Wvet44khJCJ:zbhfetjEGSycWW6vC
Score: 10/10
- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext